r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10961
Expires: Thu, 23 Mar 2023 19:10:10 GMT
Date: Thu, 23 Mar 2023 16:07:29 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 210a2a42cfc4f4aced144f5de9babcc6
ece6ecfb2db8d036c3bfc7f02f8ea387e3f965db
59553a312d3fb34f1f0aea469f7e7cc810ff9993481ddbd73ea5d461cf97ed51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59553A312D3FB34F1F0AEA469F7E7CC810FF9993481DDBD73EA5D461CF97ED51"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11352
Expires: Thu, 23 Mar 2023 19:16:41 GMT
Date: Thu, 23 Mar 2023 16:07:29 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10200
Expires: Thu, 23 Mar 2023 18:57:29 GMT
Date: Thu, 23 Mar 2023 16:07:29 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 15:15:07 GMT
content-type: application/json
age: 3142
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: u6FWyUYWz85shmhBk6oQLfg/M8zm2eWyQ5BVJvcgAOGWtiFE4sTXyc/SzCHVE/Xz/QZKY3svqXntp4mnVi2roA==
x-amz-request-id: RZRPV60T6ZK9KDRY
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 15:54:06 GMT
age: 803
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
149.28.159.163/m/index.php
149.28.159.163 301 Moved Permanently 169 B URL HTTP/1.1 149.28.159.163/m/index.php
IP 149.28.159.163:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751
Analyzer Verdict Alert quad9 Sinkholed
GET /m/index.php HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:29 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://149.28.159.163
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:29 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 15:14:33 GMT
age: 3176
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 18b877ebbad1529e4bd91e12220d91c4
a3d64fb3d9cc1fe3a29b261c4ec9acfe134dfedc
7001d3ef847c7002ac15155f0dfcc0a369f19860e85c8e90530f1e7b2dd88f09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7001D3EF847C7002AC15155F0DFCC0A369F19860E85C8E90530F1E7B2DD88F09"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12136
Expires: Thu, 23 Mar 2023 19:29:45 GMT
Date: Thu, 23 Mar 2023 16:07:29 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 31e638371141b98b673da8ba6a25d343
3217608ecd5aa40b8306a83599f22914747d3296
1e632fcfaa0a73621c98af646616fee7d1605032eddb8d077d0ee7d7eff3e036
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 16:07:30 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 20 Mar 2023 16:34:54 GMT
Expires: Mon, 27 Mar 2023 16:34:53 GMT
Etag: "3217608ecd5aa40b8306a83599f22914747d3296"
Cache-Control: max-age=346642,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac7ed7c4964b521-OSL
push.services.mozilla.com/
52.43.16.248 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.16.248:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1AV5hUALBRXK9JiIUd1Emw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Kn2yQEYQ3LzBA70e4BmisMc59BA=
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21245
Expires: Thu, 23 Mar 2023 22:01:36 GMT
Date: Thu, 23 Mar 2023 16:07:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash c05bfdf1411a931d8ea9adc64b07bc74
156ef59e53564a4f2b27002b2695fafecd578d82
15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jj5lAwItWYm45j5kLqQnd3fhsiGsiuSiSVtrBUOolyHvPAmCc0S71A==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:54:24 GMT
age: 29587
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 90f64fe111aa6e90ebf52e0335d21b75
4f25bdbffca3803b02c196c38491223684d36b4d
37894e16112286470b7fd2e0bbd5ca74944e6cb5ca6e8aff189c4515122a0d40
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F772d9c75-9796-494f-9fc4-91d04e2bac53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4905
x-amzn-requestid: f2297c3e-1187-48f5-bffb-c5ea1a79a10b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CBFgcF4_oAMFd6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6416b602-02696af01c0d586c631c5b45;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 07:13:06 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: R9mjcik3i0kISOeO4gVZP6XhhvZO00mriabAtJ8vv1kNhRpz_lfsHQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 06:31:03 GMT
age: 34588
etag: "4f25bdbffca3803b02c196c38491223684d36b4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 6f0b9e85381489dcf646c251722b21d4
5f7ea91288a2170bcabdca6be296718c4191eacd
911f803271ad9053ebac3787bdde9b75ec604acc6aa28692cc8e4c5c4fb61483
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08561a1f-1d19-45db-be98-107d6b1ed25d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10480
x-amzn-requestid: 58aa8272-4b4e-4a2f-9d6e-d47f70891c49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJptHG7JoAMFSwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2320-2fd6502b1271d5c13b4ebbe9;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:28 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: pFCYGtd2b7lK7OBFHjCsgqqLfhtMAQDB0vyYFyf1sv-3CkSHbEh3mA==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:59:52 GMT
age: 65259
etag: "5f7ea91288a2170bcabdca6be296718c4191eacd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261caab9-983c-4eb1-9fca-fd73dc738e9e.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261caab9-983c-4eb1-9fca-fd73dc738e9e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 4e89d0b1281259e7399294fb5fa19d2b
5035ed41f497c97faefae9cdaf42dc07ab468557
f404d286deab5b4759be6e554e6488faab3b4f7988a86eb57520dac4e0d6a192
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261caab9-983c-4eb1-9fca-fd73dc738e9e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10284
x-amzn-requestid: e4d2c324-d0b0-436d-9739-29269e62aed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM6hjEqtIAMFvXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b713c-5a5bd6b60c1f52ab580f1757;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:21:00 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Pv-MA9gQ4PmXuY3EWSC77_g2fn_C9-bYUQ4azcrxLNvtwY6CZZg1nA==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:55:01 GMT
age: 29550
etag: "5035ed41f497c97faefae9cdaf42dc07ab468557"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash f4a771935927950222124e14b56046df
d07fe53e4ac41048497b2732c017f6666c3eda9e
4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4912
x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8H3Fl1IAMFYgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: soxgrR0B6Rz79QysB7qbMTsNYmkYfG8doOMPpTEd9uLlrE6WTcDKdw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:44 GMT
age: 65987
etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tu0ENc_6tfykYc23nLfwYEMsi5HIfaDWF6dvzVTfX5rfjr3JrmMrCA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:02:44 GMT
age: 65087
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 23c054d3aee551b6fdc42a5a472a7040
b1a46c12ac7d65c979fd1998bdb243f3dba8f956
9e8b91ab91da9ea20dfb5f90c1c06239d2872b0eb80785534d0c59c3b51de404
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 16:07:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-ZVKJ9PJR49
142.250.74.168 200 OK 79 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-ZVKJ9PJR49
IP 142.250.74.168:0
File type ASCII text, with very long lines (21772)
Hash 3d3cff2fd3df0e1cf84198fece59fd66
edd7e0388014e9e749867f82f2b615d4e38515c1
972ed291244f862a2f959dc816e6e82b49dc51c30b8118b979887e53a635df97
GET /gtag/js?id=G-ZVKJ9PJR49 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 23 Mar 2023 16:07:32 GMT
expires: Thu, 23 Mar 2023 16:07:32 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78795
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
149.28.159.163/
149.28.159.163 200 OK 131 kB IP 149.28.159.163:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30175), with CRLF line terminators
Size 131 kB (130640 bytes)
Hash 16bb3ede86be5cd5250ddf02b890699c
053009847b8810e04b1d48f6e8fac938c903bac6
74b31c2f7b2559371b67b07b8574a575564fa5fd6724f8f4a7ad7606bb67edf6
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/7.4.6
Set-Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; path=/
agent=kexaa; expires=Sat, 22-Apr-2023 16:07:30 GMT; Max-Age=2592000; path=/
link_img=bcw; expires=Sat, 22-Apr-2023 16:07:30 GMT; Max-Age=2592000; path=/
koderedis=1519; expires=Sat, 22-Apr-2023 16:07:30 GMT; Max-Age=2592000; path=/
public=bcw; expires=Sat, 22-Apr-2023 16:07:30 GMT; Max-Age=2592000; path=/
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=My3cRfQwwIHqrjxP3Y5Z0v6QtNWZuKuFHGGyCi51WMtbE5SU4v2RE9K6l0pDk5Cjk94F2so0O5DI51jmZ0xDzkkek7GKn7QG9ZNo9qwzsI7ciiG8Ccu53iS627tFISsrjxbcjCjchu8q18eo1YM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed7e5a2387d5-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/text-rotator/css/simpletextrotator.css
149.28.159.163 200 OK 2.9 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/text-rotator/css/simpletextrotator.css
IP 149.28.159.163:0
File type ASCII text, with very long lines (558), with CRLF line terminators
Hash 5976697c75d40d6d2f467d392dcf5939
03479dd360f2eabcb8d3a06aa5a1264e66ad8fb1
90db202d75c6bc76ef8cfd09704668c173bdad4b433f9ef358139a55996b7b8a
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/text-rotator/css/simpletextrotator.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:32 GMT
Content-Type: text/css
Content-Length: 2949
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:56 GMT
ETag: "d488e8fe83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1095
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxCYbfmuDSkS7MtKXMPxGQQiHXAlAvnJVgA5wyC3OhDl0BXyjshUrQTMhdoMa4Vta5uYDWHWKuvtMXrS6%2BK%2BUb%2FcqbXImLMHnhIJ%2BQqOOhxwwcXmVCHpFcnZmtTeaiTrN1E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed8e9f893e1a-SIN
alt-svc: h2=":443"; ma=60
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash fe5179068f428814d5c427b470b1eb15
5122a9be111de9b35f6d29a0a6ed05536248bde1
5c5fafc0ac6916452d5a333ff2d4fde139e2cd4cb2978289fc0a669f1770c001
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 03:50:26 GMT
Expires: Wed, 29 Mar 2023 03:50:25 GMT
Etag: "5122a9be111de9b35f6d29a0a6ed05536248bde1"
Cache-Control: max-age=473571,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac7ed8f0addb509-OSL
149.28.159.163/assets/css/vendor/bootstrap-checkbox.css
149.28.159.163 200 OK 7.1 kB URL HTTP/1.1 149.28.159.163/assets/css/vendor/bootstrap-checkbox.css
IP 149.28.159.163:0
File type ASCII text, with very long lines (876), with CRLF line terminators
Hash 16102c492a4cbe209df2cb87936463e7
53b72600698b641a25c0b6cbca39c3b96cd74b2f
b55dd7904693f5816c82e63451652aa3b7aae7328a55ba2f7794954cb8350ee9
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/vendor/bootstrap-checkbox.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 7063
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:27 GMT
ETag: "5def467ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2893
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b9aPKOWZC1sA0oVCTqZIwR05UEqjFZuvShlKy7Zmu6iitnwOPvwI92HtnhdEDbkvC0UuyON6iBHv%2BGpec4YZqC8LjKZc6vleKNnDfDjL%2BWA4F3p6kFIyQ6QLCrlxd8bZCY6WGRomjiYwmbC6NyU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed8f8f0e892c-SIN
alt-svc: h2=":443"; ma=60
iili.io/L2BuWv.webp
104.21.235.69 200 OK 383 kB IP 104.21.235.69:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 383 kB (382742 bytes)
Hash 428c4714e38c2e0920b4e218d1c3a4cb
d2fd3653147c59c9b870a8fd08d5d8c1bc98ae2e
0ceb92c636e9946e7f4687278a6e513a5530722d855558afea4f45ab6b47d736
GET /L2BuWv.webp HTTP/1.1
Host: iili.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 16:07:33 GMT
content-type: image/webp
content-length: 382742
last-modified: Wed, 28 Sep 2022 14:37:52 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lMuoEcUfEWLCJp2P%2BtlP0NPc0%2BkORMpaKHdgNJN4oMxWTp2ZJo9HDrzLTGdnKgWCT2iWfEqpFt4pTpG8ybJyEUWy3p5fXJhl%2BhIaK%2F5yvZtrmwfbeu7NpDub"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac7ed8ed8fc2404-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
149.28.159.163/assets/css/vendor/ribbons/3d-corner-ribbons.css
149.28.159.163 200 OK 5.6 kB URL HTTP/1.1 149.28.159.163/assets/css/vendor/ribbons/3d-corner-ribbons.css
IP 149.28.159.163:0
File type ASCII text, with very long lines (428), with CRLF line terminators
Hash 352460ada04847e59e0b19af8379272f
e7f7fb6205d88c5d290b52cef0b0a7da77ff4034
6567564e01ecbc001e7b1ea58add63efd0dcbedf6c6d3f1cfc9890ef12924422
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/vendor/ribbons/3d-corner-ribbons.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 5616
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:27 GMT
ETag: "7951497ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r4sHBlrPtbNvDrOTvq4KjOWxU9y2FqXg4qaW8vCmS6%2FfRk%2BzH6zP1zECDXks9xf4WFxVr1061K%2BJZ0P4JOoZhBiKq3%2Fgfkbl1Kzm1rvU3pb8PMqHCvfEEIVlLcFTPh0yMbm5KanYzUAydb0rGoU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed8f89eb87c6-SIN
alt-svc: h2=":443"; ma=60
iili.io/L2BAsR.webp
104.21.235.69 200 OK 726 kB IP 104.21.235.69:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 726 kB (725498 bytes)
Hash f98399e027be0c4c756f20bbc6b8f562
bc12cf5349c8cea33c7449a3cc7da138f6e459a5
26363130b018b33b39a935904d3335ce36cad14d71d03d835810d0635952af6c
GET /L2BAsR.webp HTTP/1.1
Host: iili.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 16:07:33 GMT
content-type: image/webp
content-length: 725498
last-modified: Wed, 28 Sep 2022 14:37:54 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BVP3sALYIgO3Q3DSpMWoA21hnXFdJMEG8c%2BIyf7PmILimd1RUbTeX3NNSihyCxyDrTJlvomgNw%2BNmBOWVQ4JFp7WU2PpsNp7H4xlZncXxS%2FQ%2BAarJjVboU3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac7ed8ed9032404-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
aksespintas.com/alxgroup/message_exogroup.js
172.67.202.37 200 OK 6.1 kB URL HTTP/2 aksespintas.com/alxgroup/message_exogroup.js
IP 172.67.202.37:0
File type ASCII text, with very long lines (15468)
Hash 1d0513ddab8b855d3afcf1a432e28a00
0a59b48d61d14c45b8bb84d11d0286c8c2be8c75
ddd1f97ad5d4926ae0d46622bee58455bb3383a6d12a2244e269bc6e897b8222
GET /alxgroup/message_exogroup.js HTTP/1.1
Host: aksespintas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 16:07:32 GMT
content-type: application/javascript
last-modified: Sun, 19 Feb 2023 10:50:28 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2BvuuawJX%2F5jVd7mWb%2FqmcNlikVtx4yAXjUqK5ynQOoPPl5eVfd3r58i7udENcWpCaxK5TibPrkhXmeIsL0iC%2BhBFML5OdAzZKXkuvvTqGVtLBim37zWbtwPJuWZ1N4rLF4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac7ed8bff28b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
149.28.159.163/assets/css/font-awesome.min.css
149.28.159.163 200 OK 31 kB URL HTTP/1.1 149.28.159.163/assets/css/font-awesome.min.css
IP 149.28.159.163:0
File type ASCII text, with very long lines (30837), with CRLF line terminators
Hash a0e784c4ca94c271b0338dfb02055be6
88af80502c44cd52ca81ffe7dc7276b7eccb06cf
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/font-awesome.min.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:32 GMT
Content-Type: text/css
Content-Length: 31004
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:26 GMT
ETag: "7f0307de83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGU9tNp4mp%2BZzzRYqOTXnH2urwOi%2BoPFA5dWGbyG%2Fuf2BhiL4npAh7xr%2FSOS4g%2BaWVlQfgAe5%2BRbYtIyG%2Fs7gOvJ%2F5S75s6HKMZ6Jtjd6wri%2BnYgMall10en5lPzeaYhuHPNsQrQDXRt8oV41lE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed8f1ff54d63-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/css/vendor/bootstrap/bootstrap.min.css
149.28.159.163 200 OK 109 kB URL HTTP/1.1 149.28.159.163/assets/css/vendor/bootstrap/bootstrap.min.css
IP 149.28.159.163:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 109 kB (109290 bytes)
Hash 9be7e92c9d3c0d15e957a9ba50011c73
43d16973b90a33413b7d13c924edeca9b2a086c5
5e720bd6a28f46376baf874444d00ba888a962c54434f2541bd54a7a27a95eb0
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/vendor/bootstrap/bootstrap.min.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:32 GMT
Content-Type: text/css
Content-Length: 109290
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:27 GMT
ETag: "7951497ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2979
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLutTueXk3uBPNDMFT6jxJbICXNxmPphTcntbcdythJLlqDwt0yDImgtEstizKFY5CLJXonsP153afWW402Dcc%2BTNDmwIkjCHj%2BsNx7XeuOMarjtccPP51gz2e3%2BNz%2F7NAQvHIZRxzUXXaIj0mg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed8bedfc3fb3-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/css/fonts.css
149.28.159.163 200 OK 3.1 kB URL HTTP/1.1 149.28.159.163/assets/css/fonts.css
IP 149.28.159.163:0
File type CSV text\012- , ASCII text, with CRLF line terminators
Hash 43ff0936695dd4dbccdc066a9d8a2b14
87a307706c01c0a747b8207323c6d9058bd7b7a5
befb78330675f369d78b314e54bf5f8070ab0337394d24980459476ce7bc3e7a
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/fonts.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 3109
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:26 GMT
ETag: "7f0307de83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2979
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0pN3WsrTW%2FFYfh2QSXSzCTw78bm0g2pDRmQrUPFjkgF31WVZAa7KafYdox81QfWDIifI%2FJ9j3ncr%2B5AOsHiRd4woHsfqPn6kKyJ89Ku1KmNXVeyYjMX73kMfNx%2BcKaGso4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed911eb987a7-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/owl-carousel/css/owl.carousel.css?id=889
149.28.159.163 200 OK 1.2 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/owl-carousel/css/owl.carousel.css?id=889
IP 149.28.159.163:0
File type ASCII text, with CRLF line terminators
Hash b2db09996bbb388565be894a4ea805a8
a7ea16aa590ddd13231c7476ba829aa54e0c4122
6874aea7c6ae105153933f46c8499f610fe409434b47ee060fd3d7dd14cadbc4
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/owl-carousel/css/owl.carousel.css?id=889 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 1218
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "8572fb8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3982
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7xBDOH2WSXmOm%2FPsrnKxzGGdek3IdcOrzSOKxz9Yq9k2cOMItjqLjjolfUa8eTieQ4Mn%2BE%2BMZB1Jrkq4twdhB3%2FHRZxTtnAiJbBUPyCb2ZwvzWVldNLROIycWhDeb7n3cqmbjuozHAM%2FR8MIao%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed915dfa40b0-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/owl-carousel/css/owl.theme.css
149.28.159.163 200 OK 1.2 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/owl-carousel/css/owl.theme.css
IP 149.28.159.163:0
File type ASCII text, with CRLF line terminators
Hash 5236a0af07c03dab4e07484abc70d529
04835e9611a4b8c85f2ffcdd29f73688c6b01749
07e37212005f861c737c33bb6d16c51c83ecce78ac5a53bb8ffc2c190fcc22dc
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/owl-carousel/css/owl.theme.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 1177
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "8572fb8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1jz5M6Oru7O0R50CfJdFZbzRCetnkT4QGPL0ZfJztSS1o%2FSfHVIgl29jFXbcEsLiY5rqqEQwemqeAAZFKkN8bRqFXIgfeM%2FCfUoShgpIAjRro0XNASyrHrnvvbPZiYdp4%2Bo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed917fea40c5-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/owl-carousel/css/owl.transitions.css
149.28.159.163 200 OK 3.9 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/owl-carousel/css/owl.transitions.css
IP 149.28.159.163:0
File type ASCII text, with CRLF line terminators
Hash 1b5836f9e56b8a905cfbe05779be22f5
40477cb7ebffd785b12f955c1e00f8d2514e4427
43f11ee423c3658129986be738168dcdd2195b55c856996bc5c1dadd627095c3
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/owl-carousel/css/owl.transitions.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 3913
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "8572fb8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6876
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5npTU21JVyeWRd%2BLW8DZWyDLA1W0%2FbGfgwJXDv5xJAqpw7wtfYT%2Fsf06vO8qdMEsr3PshaszmNQJf9DIZvm%2FUsznJdeVk762a1yDr5xxGaef7f%2FFoiG3DthQa4rY2%2BYTb72OzzycZlNLZbNYxo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed926c5b4ca7-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/css/vendor/animate/animate.css
149.28.159.163 200 OK 46 kB URL HTTP/1.1 149.28.159.163/assets/css/vendor/animate/animate.css
IP 149.28.159.163:0
File type ASCII text, with very long lines (315), with CRLF line terminators
Hash f8be62c6a2f0ff9d2275a11422368627
b34c7ebe851820b2f18660e9b3cc76f3bb1a18f5
b6041cb0c3f82e02c761e09ac1df60d3b3aab5eb85dc965605152294375234f3
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/vendor/animate/animate.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 45896
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:27 GMT
ETag: "5def467ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 431
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hljH3E5bo9RnApxfw0VAflqP0JAq%2F0KQT9BabwkrGVX8HXLxVuzn5dUp8vwYcVSwFtqsMuocluTHP2KlFn5aECHwBe6iCrT8N%2BBvP02xorkPO5hGJf6ljq9s7XeQBbQ97wHEPgj6J0M9RvzGw60%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed8f18ba89ac-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/nivo-lightbox/css/nivo-lightbox.css
149.28.159.163 200 OK 4.7 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/nivo-lightbox/css/nivo-lightbox.css
IP 149.28.159.163:0
File type ASCII text, with very long lines (343), with CRLF line terminators
Hash 481d33133447b3ec79ed988680a2ea9c
cbadb77317435b9b711efea228eab44452091373
1bff9a415aceec0a9f5c386f506371744f3ec0da4827f8f257664532952693ff
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/nivo-lightbox/css/nivo-lightbox.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 4674
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "4210f98ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6994
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hCHLp6u31zNJhlosT4zT8uqieOO1LfQhROR6X8QSvmeRDTFirYBWMKMZyS2YERSrlrx7rF4UTNhypbhxsfKDh4D2F%2FOdhl5TZdjbZow%2BCJN0P9DQ%2FcRVxmR7k%2FY9jsdGyT28y19%2FgqegUSDgfIc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed926b2f6bf4-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/nivo-lightbox/css/themes/default/default.css
149.28.159.163 200 OK 2.4 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/nivo-lightbox/css/themes/default/default.css
IP 149.28.159.163:0
File type ASCII text, with CRLF line terminators
Hash 52bbe60d880a8aa333749d9fc0cd4c18
14c8dddb85f1ec0f871bb9a86e1692067824be81
8b46c3afe5553b3510228853d3961cb538fc7498cf82124222fcac9d8945af08
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/nivo-lightbox/css/themes/default/default.css HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 2356
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "4210f98ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6994
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FNcrmQcSZkW9LdLKt359B28q3YCF2Oxi8ZmIIRStasaIDvYvzX%2BZnXa58UVEmwAW%2FqjqsFdEXsgi9w4dWxZnytZ524NOeDELlFSc2utvwXGGx5ro0XJf8iEhIZmZCL2Gook%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed92cd5587dd-SIN
alt-svc: h2=":443"; ma=60
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash fe5179068f428814d5c427b470b1eb15
5122a9be111de9b35f6d29a0a6ed05536248bde1
5c5fafc0ac6916452d5a333ff2d4fde139e2cd4cb2978289fc0a669f1770c001
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 03:50:26 GMT
Expires: Wed, 29 Mar 2023 03:50:25 GMT
Etag: "5122a9be111de9b35f6d29a0a6ed05536248bde1"
Cache-Control: max-age=473571,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac7ed8f0bb6b521-OSL
149.28.159.163/assets/css/additional.css?v=1.4
149.28.159.163 200 OK 11 kB URL HTTP/1.1 149.28.159.163/assets/css/additional.css?v=1.4
IP 149.28.159.163:0
File type ASCII text, with very long lines (7696), with CRLF line terminators
Hash a31281aee980ae87ab10723d62f7586c
e5675f7883b04f1029aa76a5b33177f32ceb35d9
0f8bfb3ab3949b41d8f2d1cdee03dc8fdeefda59d11a027895e11eba8169d7fe
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/additional.css?v=1.4 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 10851
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:21 GMT
ETag: "2284697ae83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2978
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ijk30bDhvlHyXX4m%2Bx5fYMpesUxV9JJ4W8Bwg8AmXXE6loUksNnJEhwK33eszXkmCvhmiCK1gqTQ%2BO0o2iadclXylLQCq6Ldkv2iyjXJn9IxrJFXpdB0SyGJ%2BXNDoJNlTqQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed932ce58833-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/css/game_compressed_ic.css?v=1679587650
149.28.159.163 200 OK 3.0 kB URL HTTP/1.1 149.28.159.163/assets/css/game_compressed_ic.css?v=1679587650
IP 149.28.159.163:0
File type ASCII text, with CRLF line terminators
Hash 14a6ee5ff920161c3e9ff7971b9f2034
9d658e31aafc43657a72bc0758f86a3a6b3fa074
ab825ec5cca015ae67f6240b5efe3df5ff9291d9c47940944ae679abdfbe2a8c
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/game_compressed_ic.css?v=1679587650 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 2989
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:26 GMT
ETag: "994f3e7de83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BtRL7zexiHeLb65cEXj4iOZsydtLdYA1W4pLjtU4vG229M6wMGWZFPsxsjHNSOSC2mbOmsKpi0%2F2CT%2FNEKbS587JwtWORfLfFlYGZ2oH6RfeCQ%2BiW9pDFT7bGtNaGpWG91tPBARjPh4a1gG5RWY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed934f9b881f-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/tgsecure/vbulletin_md5.js
149.28.159.163 200 OK 5.5 kB URL HTTP/1.1 149.28.159.163/tgsecure/vbulletin_md5.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (2780), with CRLF line terminators
Hash e2b6316c2aacd74d5e325da02b2485a4
320f269bba5460240c2b47e4471f010a62ec9fba
9a16ce89974f8c9298fd382a7556568c148d1cd30da8d2dccef10fd295841fd7
Analyzer Verdict Alert quad9 Sinkholed
GET /tgsecure/vbulletin_md5.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: application/javascript
Content-Length: 5526
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:26:07 GMT
ETag: "ffe8a895e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2891
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KgS27XbEJ9VpIj1Xhk1go9uSCiYB%2BbbvRTnf8QLTieW7pkYfo0plD%2BmkbxcTVV6ZTpY4W%2FYnxmkeCyP%2Brsu80Doq%2FiFC1Etg%2F8x49%2Fm5HOTT4zetsDhopAl7I9YoT%2Beh0yo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed942ebf4d63-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/modernizr-2.6.2-respond-1.1.0.min.js
149.28.159.163 200 OK 18 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/modernizr-2.6.2-respond-1.1.0.min.js
IP 149.28.159.163:0
File type HTML document, ASCII text, with very long lines (18450), with no line terminators
Hash 2015fe4e8911558500fb094aac79383b
2d1e5126c8e3386153082b98e841d7a03435d975
bf2d2ce2803063fd72be8165d5fbbc700e24dfd6bfcb351f064367a90db9ef4e
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/modernizr-2.6.2-respond-1.1.0.min.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: application/javascript
Content-Length: 18450
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "5ab0f68ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N52%2BSpeJubZHGWRfOEsxg%2FIn4pFBQX3blnqPUx3Xb8Y1UEQbU%2B9oVwx52MAy%2FA2JUgtst5sApAVsmwaeLXqLkCvxswvwHsP%2BLaxsBXV3So%2F%2BOfy1G2d%2Fe%2BMZc7IkXo5arFw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed943c858959-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/skrollr/skrollr.min.js
149.28.159.163 200 OK 12 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/skrollr/skrollr.min.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (12360), with no line terminators
Hash 7d6ae9201bf4c1d83ebcacc6da3ec09b
65b20f0c1dba10c7ba3d644fba7ae80ae08d4ced
911dccc7a59863b46d628fdac57d96a7cbf72325fe2555d2a3d165c6258d3464
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/skrollr/skrollr.min.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: application/javascript
Content-Length: 12360
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "3bd5fd8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6994
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=af0AnfJvOM9%2Bgf3B571UdByooZn4Z5zljtS1iiWqzU%2BAeyPv%2Bsa3RCmyyBGv9vOqlL7kLZfNEyGvh6FeAlBBmhDa%2FQmLyCz1pUB2%2Fr95wdjSr0qafDEs1vg2JtmHpeeZnHQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed952ae08813-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/css/bcw/bcw2.css?v=1679587650
149.28.159.163 200 OK 102 kB URL HTTP/1.1 149.28.159.163/assets/css/bcw/bcw2.css?v=1679587650
IP 149.28.159.163:0
File type ASCII text, with CRLF line terminators
Size 102 kB (102406 bytes)
Hash 36d80317735b8d4272f19b526ae1988e
2027642841029d88fff8f82416cfe8072ce1a58a
fa1cfd3fce0ca21b6941284214ed3eb98ca3a8f7f256cdd0347391fc82679cee
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/css/bcw/bcw2.css?v=1679587650 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: text/css
Content-Length: 102406
Connection: keep-alive
Last-Modified: Sat, 16 Jul 2022 09:56:03 GMT
ETag: "f220cc42fa98d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ns%2FWjQPswx3QuHvOGyaeQvfFLsYqcEIrbzCigVTu8kT3Cwq7Zz63oBgBKkmZf%2BRBex2z3EI51WtFAKjMBFPtvPyjig1t4eAq7CewOGXlGHXMRnA6GsTJFm9vfPLb5Ic%2FnMySlcD6osz9rRTDbRY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed941e994000-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/text-rotator/jquery.simple-text-rotator.js
149.28.159.163 200 OK 3.6 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/text-rotator/jquery.simple-text-rotator.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (377), with CRLF line terminators
Hash a71879d710814c534e5d2b8cef69fe31
c0e0ec152864a151f6aa950869417502370025e5
e91e202a6ba778e3dc13b19ba76a345d1c7dc10d92282da07b90df222dd27bda
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/text-rotator/jquery.simple-text-rotator.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 3597
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:56 GMT
ETag: "d488e8fe83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ae0yjzOdUk4dU6j4h35hW4OEhGVlFupQxb9z0w0wfGmxwTQ08u2zK%2BWN8EbID1B0us9KoC6eo2bsA7SvxDz%2BARIMpRBfWu25xrqMug4xhu3%2B4OSwqTaeUQ5hBaseBCs5kGw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed95deab3f6c-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/owl-carousel/owl.carousel.min.js
149.28.159.163 200 OK 15 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/owl-carousel/owl.carousel.min.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (14916), with no line terminators
Hash 2fec2de7cc7d2d9a66130311f52b5db8
5cfc389925bd8200ee1e0fb224434ded9cae3f15
4b18105a346260a3e8359cd02633fd5f8bb244f2d5f43e4375a1efd10e5c865a
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/owl-carousel/owl.carousel.min.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 14916
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "8572fb8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2778
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yp99pM3DxnNHe6k6yvzPzOuq6uuNG5gPWgh8uSN5ompvOMVn3qhQtAR7OSrtFtCs47KMjMztHaxvdAFhdhSgA6tOqUlHARlzEkEJsvuQ8pSmnWEl3%2BWHr7LCRrs3uwoG%2BJSHh6mp1w8p8bFHtIs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed95fdb246eb-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/jquery.js
149.28.159.163 200 OK 159 kB URL HTTP/1.1 149.28.159.163/assets/js/jquery.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (749), with CRLF line terminators
Size 159 kB (158833 bytes)
Hash 301b4f7d22a8d3126f7b2ad36e2229e1
d85d531423a67876123747c561b854fb1189e84c
c2575f110771e45f5ec5cd739c18ad6d4ba862fe7c7183659a35dccfa4c893ad
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/jquery.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: W/"804b718ee83d81:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6955
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XfmpSGDEMae24nHuBML8jGxRN1UCm0psueHHTLwz5BGXL45afbEdN0XsaC%2BSzc7wn%2B6TGZXqwu1qiI6NstJZ0CYUBIPH4Ebuwap589BobI%2Bb3T2yuI4kFqW%2BBM%2F6pgJRd%2BQE8uAOh7lDtMLuP3w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9469e646c7-SIN
alt-svc: h2=":443"; ma=60
cdn.livechatinc.com/tracking.js
23.36.79.8 200 OK 26 kB URL HTTP/2 cdn.livechatinc.com/tracking.js
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
Hash ca1a1fad7045926f80ec420ab6ca655e
236a40dc90d1cf21d4fbec8f37a29e5aa81bc142
d0bcb77b6046af479839fc31f4f7f9765029706304ed8ed8319ba577e40d81b8
GET /tracking.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 15 Mar 2023 09:03:42 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: .nmbWTWYSt4mObEbpFmxweZDq.QZWcu.
server: AmazonS3
content-encoding: br
etag: W/"840d6e442c74218df05e0d3ded6c2d57"
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: h_xAWlkPCb4bEzrmziacG5BAgaXZpQ1JVPrAO9FKfngvwgz8CKYYEQ==
content-length: 26391
cache-control: max-age=28800
expires: Fri, 24 Mar 2023 00:07:34 GMT
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
i.ibb.co/KwvxzP8/yt-exo.png
162.19.58.161 200 OK 7.6 kB URL HTTP/2 i.ibb.co/KwvxzP8/yt-exo.png
IP 162.19.58.161:0
File type PNG image data, 160 x 51, 8-bit/color RGBA, non-interlaced\012- data
Hash a8aa1dc479d2192243e1ecf3db5e144b
dd447c498ed8d04573cbba72510d3ae1158eb102
c9787956585a938606f7ad92e571d198293e4e8e2b98bcb424ae1130022aad6b
GET /KwvxzP8/yt-exo.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/png
content-length: 7562
last-modified: Wed, 24 Aug 2022 09:29:41 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/s10x5Tt/TW-exo.png
162.19.58.161 200 OK 8.5 kB URL HTTP/2 i.ibb.co/s10x5Tt/TW-exo.png
IP 162.19.58.161:0
File type PNG image data, 160 x 51, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fbf73b68fb4095983589dc8e5f49a53
f90b55d4b09d136e358760dbb69aef08f5fae425
15471f4ff2e17139289e619eb03db3caeea3dc6933dae56c29bc8a9706d1b4ae
GET /s10x5Tt/TW-exo.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/png
content-length: 8536
last-modified: Wed, 24 Aug 2022 09:27:56 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 097d447e049e3b41f92a4695b1b0c3c7
f39c9ef8d22bee41d940bf719c75b2cfae9291d5
459e0e586fca9a4720e4e25fa59978368c9d373ee86575a7b40d0ef4262043ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 16:07:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
149.28.159.163/assets/js/vendor/bootstrap/bootstrap.min.js
149.28.159.163 200 OK 32 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/bootstrap/bootstrap.min.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (31650), with no line terminators
Hash d08775b7d337d5f37e3fb102f1a8a913
6cbd6f79def44d7e96d933a17967cd2afcf9ba3c
8ae9a41def07afb4166b08e3143071437d1867e5f26e6bd907899a8b50bbafbb
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/bootstrap/bootstrap.min.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:33 GMT
Content-Type: application/javascript
Content-Length: 31650
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "13bc28ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=meCAGUCszXyUMJrAYJUf3I8iI0q1W0NGXXXqyrHm33PwRyASvjwNz32J%2FG%2BCqkq6P5ZiXAC8oT%2B3I2D%2FgtiIitGrIixb%2BOTIf80nzqvjXRa6hnd2FitA6neY7uqCZ0VMurqqvwnebvJstHOCE6M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed950f7b6b99-SIN
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/roboto/v15/Xyjz-jNkfiYuJf8UC3Lizw.woff
216.58.207.227 200 OK 27 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v15/Xyjz-jNkfiYuJf8UC3Lizw.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 26588, version 1.1\012- data
Hash a84d4b00b169826c4aea77a8611b1e56
aeaff41dcc5caac07876a3931c86456aefdbd54c
37e9d63421fa7b235c859737c6c65ee2ed95d79e7c49be0fe15903de908c2204
GET /s/roboto/v15/Xyjz-jNkfiYuJf8UC3Lizw.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://149.28.159.163
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26588
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Mar 2023 18:11:52 GMT
expires: Thu, 21 Mar 2024 18:11:52 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Jan 2015 22:47:27 GMT
content-type: font/woff
age: 78942
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
149.28.159.163/assets/js/vendor/nivo-lightbox/nivo-lightbox.min.js
149.28.159.163 200 OK 7.4 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/nivo-lightbox/nivo-lightbox.min.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (7420), with no line terminators
Hash a5896459ad6790d1d94eb2180e59e965
e5d4b0ef3a929aa6e20ede86b024264a8cf2b473
65723a3f6bf46e95bd82bbbc3f986c0df44ad1b4427abbc3fa252a53ff40b4ea
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/nivo-lightbox/nivo-lightbox.min.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 7420
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "8572fb8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1097
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R72j9YxczyquBJsUxeI7f0kdN6qIw1%2B4WQz3KladzeECQlYH3j9V5CPqO%2Fs19i7%2F19odxgi%2Biw9OQThgbLW%2BUwpl5kT5cyhUDpkCdRPWnZzmOSJf5jSV9zI6GTd40suc7TE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed96fdd59e46-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/hD1MvV8/WA-LG1.png
162.19.58.161 200 OK 49 kB URL HTTP/2 i.ibb.co/hD1MvV8/WA-LG1.png
IP 162.19.58.161:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash b1eb7a2105540ac4ccdbf9cfaa8ee62a
5ed7177e36e4df57a9e7c86c56d24e37864f4ced
7d5a50e99a310893077a126e63703986dfe870cdfb716df7b28c5000ba8366f5
GET /hD1MvV8/WA-LG1.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/png
content-length: 49184
last-modified: Tue, 05 Oct 2021 12:17:50 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v15/Pru33qjShpZSmG3z6VYwnT8E0i7KZn-EPnyo3HZu7kw.woff
216.58.207.227 200 OK 26 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v15/Pru33qjShpZSmG3z6VYwnT8E0i7KZn-EPnyo3HZu7kw.woff
IP 216.58.207.227:0
File type Web Open Font Format, TrueType, length 26528, version 1.1\012- data
Hash b20e0cef1fd0ee15a5fc0d150d4c9672
7bef9051bf8ecdf269228c6e743dad5a8172aea7
47a6d754139b198b90326c9ad8c22bd5e2ba5e2d7e2eeb443deed603255a611a
GET /s/roboto/v15/Pru33qjShpZSmG3z6VYwnT8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://149.28.159.163
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Mar 2023 18:12:10 GMT
expires: Thu, 21 Mar 2024 18:12:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 14 Jan 2015 22:46:57 GMT
content-type: font/woff
age: 78924
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
i.ibb.co/4ZBwPhp/FOOTER.png
162.19.58.161 200 OK 36 kB URL HTTP/2 i.ibb.co/4ZBwPhp/FOOTER.png
IP 162.19.58.161:0
File type PNG image data, 1140 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash 37725d268c792467e08cc9fc58038841
6aa2b665192948b7b63be2f3113e1ee1a9cd8d01
758130641d2cdab997b17145f26af8e40e1a7d3d717de2999aeca52e70a3b1e4
GET /4ZBwPhp/FOOTER.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/png
content-length: 35877
last-modified: Sat, 14 May 2022 09:39:54 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/8NCPwQf/TG-LG1.png
162.19.58.161 200 OK 46 kB URL HTTP/2 i.ibb.co/8NCPwQf/TG-LG1.png
IP 162.19.58.161:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 103686aca441e0ba534617737c6d7c0d
8bc8ece58f02a68c3e8afe8b5163e092f4380b2f
e25618e618ebef572163517bfe57fe0cfc18706c57a2278fbb7a081a8f431603
GET /8NCPwQf/TG-LG1.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/png
content-length: 45940
last-modified: Tue, 05 Oct 2021 12:17:50 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/xfZ6f2r/fb-exo-2.png
162.19.58.161 200 OK 8.4 kB URL HTTP/2 i.ibb.co/xfZ6f2r/fb-exo-2.png
IP 162.19.58.161:0
File type PNG image data, 160 x 51, 8-bit/color RGBA, non-interlaced\012- data
Hash b59ca192e52da286b8feb53864bb2c19
e22b395d3539b6ba721ec368df3c537752f46314
ab75acedb62d09ae612340d4d9bcbeb085d5bd75c9d886f1cef5f523af2e14ea
GET /xfZ6f2r/fb-exo-2.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/png
content-length: 8430
last-modified: Wed, 24 Aug 2022 09:26:56 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/js/vendor/tweet-js/jquery.tweet.min.js
149.28.159.163 200 OK 8.2 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/tweet-js/jquery.tweet.min.js
IP 149.28.159.163:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (8199), with no line terminators
Hash e6d5a5f7a0d7af2a2c63b97919cac65a
1f61ee273e334ebd7388e219157bf8654482f009
431cff4d223f3296f7d4b543573271745a91d9069a3666844fb3b037aad844c7
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/tweet-js/jquery.tweet.min.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 8209
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:56 GMT
ETag: "16eb108fe83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1097
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2d1mjNgnylGQ3fE54TbOjfcX3J3fzNY%2BGmlPTZayjivWovY%2F0URZDy3etjnRB9Z4jmeFk7ukyu4hkqmCk5LESsCPw0jBuIUoaifPlqlmRuJ2gEJAjaYFIoBkhtP9l55s24o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed976ef26c05-SIN
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash dd5380daefecc523858637dcbdda1cf3
0ec5910f57d8ab84179a5d0687e6b16d2cacfb1a
e58977b0dceb06edf2a7c752aa433c71b3bca571e814a7a83bbddc75d4428c0f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 16:07:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
149.28.159.163/assets/js/vendor/jflickrfeed/jflickrfeed.min.js
149.28.159.163 200 OK 1.5 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/jflickrfeed/jflickrfeed.min.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (425), with CRLF line terminators
Hash d58d9ddf128085f95583972403e31013
43eb1266ab05f4da8f55fd4fa933f2e6b21f6ccd
f85409a0eee494caef5fcf18d9e9914b07028b5fef74ad600823894f16e493ec
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/jflickrfeed/jflickrfeed.min.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 1469
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "d7c3ea8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3979
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FwW4BM8mYrSANAGNIfmsfg5Lli4xGuZTeH6d6%2FwEHkR%2Fln9KdvTXHisrbJoIxfKmvIxGs%2BpOZoeRQWOxzRxCEUfpB8WD49NaM%2BhaCgjj9h9RLNvifq03fkAnJ68WQxcGE6FgSIYlQGkeRzcpU%2B8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed978e453e3c-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/appear/jquery.appear.js
149.28.159.163 200 OK 1.6 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/appear/jquery.appear.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (752), with CRLF line terminators
Hash a9f878d87e01187cd87694b4036081e4
9542ca26a449c5670c609794fa368b62cfe83afe
57290cb11bf0549f716fb71ffd6b79206992884cd6d840907d9b08d8ef8f3dbd
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/appear/jquery.appear.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 1555
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "67d9bf8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6995
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aRiRDFcI%2BHJ62bQiUNLPB2coOO4%2FI5h%2F8A573YB0%2F%2B32MIzIyOHSFZV0pF9BwHuPLCFToogtrNAy8tpG5FMDxBycv9%2FDnRUgONkQjotGUYVYa2Z1tkz0F91zsD%2FT7PJp7bHO0mx7cDZ6XayPs%2Fc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed97ac794017-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/parallax/jquery.parallax-1.1.3.js
149.28.159.163 200 OK 944 B URL HTTP/1.1 149.28.159.163/assets/js/vendor/parallax/jquery.parallax-1.1.3.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (420), with CRLF line terminators
Hash b64eba08651f040df936783eaee7f911
76796bdf3210320ef709d520573d4135a28c8ccf
64f0c1e17739b4608e73cb9896ad0665f467248eb91626fb9301aecfdc9bbc83
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/parallax/jquery.parallax-1.1.3.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 944
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "8572fb8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 432
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zBDmF1%2FZo3enP5Zp74rlDeLzPA8G20CjQzianQe%2FCLk3Dcj6ku5WTAPNY23kqBT7fWIDKyERa7vaJ2HvUYrqESA1ULW5csTXWC%2F3d1sWMbiCof5MUow%2FQ1Z6sNyHwWRNeAQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed97bf7487d5-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/DW9c2Nd/SOSMED-bg-2.png
162.19.58.161 200 OK 19 kB URL HTTP/2 i.ibb.co/DW9c2Nd/SOSMED-bg-2.png
IP 162.19.58.161:0
File type PNG image data, 836 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash 44cc2a013444e645606f6b3294dbb1d6
9dbcb0676d33f49822fe1506b9a259fce3043128
b93daeac98de05325834afb1006ffee4894b6f237836c2ad4a8f77946e3140f8
GET /DW9c2Nd/SOSMED-bg-2.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/png
content-length: 18713
last-modified: Wed, 24 Aug 2022 09:37:18 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/loader.gif
149.28.159.163 200 OK 5.5 kB URL HTTP/1.1 149.28.159.163/assets/img/loader.gif
IP 149.28.159.163:0
File type GIF image data, version 89a, 15 x 15\012- data
Hash bc1bcccc4a3342d2063088deae7d17a3
a1a988f912d3e17a908945750b91b508672ccac1
a76090f2d604a7e9bd429900001b367ae94f52d749fd0f94706be887d87cce7f
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/loader.gif HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/bcw/bcw2.css?v=1679587650
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: image/gif
Content-Length: 5517
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:49 GMT
ETag: "7c6228be83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2776
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RD9KDcgcM%2BLHw6%2BvXPiR3Z8hno6qtAXDzZw%2F47dGMtsLZMITSVJnghkHCG6zIJFsGSPR1Eae5oRCWC6GGP57msQ0PClnInZ20jLacRWDJJ4ZqVNBp87Et6fKH3V4UQkzg68%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed97cbc93e4a-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/bcw/logo.png
149.28.159.163 200 OK 7.0 kB URL HTTP/1.1 149.28.159.163/assets/img/bcw/logo.png
IP 149.28.159.163:0
File type PNG image data, 210 x 63, 8-bit/color RGBA, non-interlaced\012- data
Hash 4665430929405c1e7812797b6f176a12
feaa90e59c1086e4e7d2e5aeea686084ab40e3fd
6dc9f69b435eed2defaa7235307d3653cae7e3ed50176c4bdf69fbf5569f99f7
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/bcw/logo.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/bcw/bcw2.css?v=1679587650
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: image/png
Content-Length: 6976
Connection: keep-alive
Last-Modified: Sat, 16 Jul 2022 09:56:04 GMT
ETag: "551c2943fa98d81:0"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6585
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7YqY30asCMkn9PPShQDI9%2B28AdffkPMgc%2B39uZ9oUc4gBEm%2BgYnFO8i4dig5cofmnefSzmqILiB3fIibdupCCU9m9KU8fOFdqExdbsHZmGCNkjAfg1q6ff8cvVg9Tkgz%2FS1j3Y%2BUKqnKy%2FcA%2B0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed97e83aa045-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/4N7BPDd/ig-exo-2.png
162.19.58.161 200 OK 10 kB URL HTTP/2 i.ibb.co/4N7BPDd/ig-exo-2.png
IP 162.19.58.161:0
File type PNG image data, 160 x 51, 8-bit/color RGBA, non-interlaced\012- data
Hash e90967bd9dceec8c81a27d3677ad7e14
ea006b2dbe6e09577bae8517494ccfb5f8151001
6b8f688347479892a828314f0b9bbca4d76c7d03196532f68814f6ab38398854
GET /4N7BPDd/ig-exo-2.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/png
content-length: 10513
last-modified: Wed, 24 Aug 2022 09:28:47 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/images/nomor/sw/jari.png
149.28.159.163 200 OK 2.5 kB URL HTTP/1.1 149.28.159.163/images/nomor/sw/jari.png
IP 149.28.159.163:0
File type PNG image data, 132 x 22, 8-bit colormap, non-interlaced\012- data
Hash afd7ac2a66f4b3caf42eb54557acc6f8
4c29fec73d3ee96a38f0539d8f2d7824ea190623
1b80236bf3b3302b2a8a43f2595ec1cbe1c7abdef2b0225281456f7734b0c57c
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/sw/jari.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/game_compressed_ic.css?v=1679587650
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: image/png
Content-Length: 2492
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:58 GMT
ETag: "54ec5990e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9q6iagLQOULkNFKOZFYYhamuRBm8iz8%2FvE0eISluESrqfS6wG%2FMUmB5QFiZeXisGSsoKvRl1hz%2BfDnGu2%2Frz3MFupW%2FYghktM2thUWIgWX8A2I%2Bs9BB3fkrqSntDUc3RemEgs%2FFo7LVK3rroFRY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed980fae4ac6-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/images/nomor/pd/dices2.png
149.28.159.163 200 OK 9.7 kB URL HTTP/1.1 149.28.159.163/images/nomor/pd/dices2.png
IP 149.28.159.163:0
File type PNG image data, 120 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash bcf4e47f7b026d145fb8b8af81b249af
e3bb7921fe3a46db34a9e44662f703bf1533b6d1
2b2b1dea4fb7ba051093d8dd1d9de80787e24e0d91a373d9358626181712fe35
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/pd/dices2.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/game_compressed_ic.css?v=1679587650
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: image/png
Content-Length: 9720
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:58 GMT
ETag: "113a4990e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjtydXPfZyBOrR6IO17ZeJ4bcyS%2FpKbnJf1hQSIqa5ASWVCAZwznwZTijsUZNyQm9hpzbh5alEQArQvDzLOVuxstUugsBjc4KG1oElThrJmxpDrLXK%2FJ1pKicWEmnHe3Osg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9818d74d21-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/vendor/liScroller/jquery.li-scroller.1.0.js
149.28.159.163 200 OK 1.0 kB URL HTTP/1.1 149.28.159.163/assets/js/vendor/liScroller/jquery.li-scroller.1.0.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (565), with CRLF line terminators
Hash 54cb9447ebd6e24744d670457d9469a1
34c409a043b8124265528aa8e8dd2e92d452a324
0e8bdb67849a2ec9a0d0044639fff6566d74982cf147ffd4f63c94935ee85e85
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/vendor/liScroller/jquery.li-scroller.1.0.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 1004
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "2ae9f18ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 432
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3aRMiaANZTBHxiGXcgwvSW2UK3WG%2FrmqsST%2FH7ELmdWAqgYFhVUAGUvrt21SaMg1uLbsZ6ch2fedJUpjS8VKsiy5eNPNXpf%2FLJfWXCAVz24cExJAvXdgGJFnQety3eJ9B%2BxXg4Ox6D3Jk813Ar8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9968cf9e38-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/jquery.cycle2.min.js
149.28.159.163 200 OK 22 kB URL HTTP/1.1 149.28.159.163/assets/js/jquery.cycle2.min.js
IP 149.28.159.163:0
File type ASCII text, with very long lines (22288), with no line terminators
Hash 3981c014980610a347911b3eb292b722
a19a589bbf0d0a607557cc93768fa68ec4d9b87e
6b41e47a54aefc08aaa3678ed56f5689ddf69b8e8a48e9af8acc200ed0559fec
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/jquery.cycle2.min.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 22288
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "e589b18ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6991
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8PeZ5UHioHPSU0TRS%2FuT0bwqfk%2BD8bNIzHANeGHYW2xJifaHwaR4sMdEvlBjrWvQtv8ajX0FE9u7KeF2lNvrzlRLj7K645hdqXugtTFCE%2B3J5YniUSFIq4NLrenYkQwpu9RKX4IhZM9NQs8JI8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed996d1d400e-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/jquery.fixedheadertable.min.js
149.28.159.163 200 OK 11 kB URL HTTP/1.1 149.28.159.163/assets/js/jquery.fixedheadertable.min.js
IP 149.28.159.163:0
File type HTML document, ASCII text, with very long lines (10207), with CRLF line terminators
Hash 804ebc7510efd932f9cd73c1d89b9198
1ccb4532d090a92d62e34764344f77a511df74cc
3558ceb80d44265a98c14ad6aebb2c8b0b56a7014508f33d3c7f432cf3da8281
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/jquery.fixedheadertable.min.js HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 10655
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "e589b18ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2886
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UXAGDQtziH2Hf5zkznbWpt%2FXHaZ9ZfZxo9ZGSPxVs8zvXOiq9T3d5xpRs%2FRTKzJjTFXd2%2FwzkJ7eHS5OwrjoV5zQ5BXjluP3fc4iD1a8EHE5MTY5kEwYegBrt%2BL%2BUCNq9lI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed998bbf3f54-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/js/style.js?v=1.0
149.28.159.163 200 OK 5.9 kB URL HTTP/1.1 149.28.159.163/assets/js/style.js?v=1.0
IP 149.28.159.163:0
File type HTML document, ASCII text, with very long lines (1126), with CRLF line terminators
Hash e6729bee3c4d3af505e62bedaae82ab6
5e30326005d7014cd1ef0c7d0bd2d11ad62c76fb
aea3f69838c96bebd8ee3a0b0f29729b29c5797f320d570bc39f0d1e091abc11
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/js/style.js?v=1.0 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/javascript
Content-Length: 5870
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:55 GMT
ETag: "a15bb8ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1718
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lLLsf50d1qCoGbOe6hQrex2DC9vpD2Uoe6AtjJVduMPc3q2Dh6N7xRdty4D66o9Np119XWLURpys44ysNXTw28vZ%2FGeF1IIIvCcV2y5OxE%2FV%2Fhst%2FwV1%2B7OPo%2F9PzoWOn14%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed999a0b40e6-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/fonts/Muli.ttf
149.28.159.163 200 OK 49 kB URL HTTP/1.1 149.28.159.163/assets/fonts/Muli.ttf
IP 149.28.159.163:0
File type TrueType Font data, 18 tables, 1st "FFTM", 32 names, Macintosh, Digitized data Copyright (c) 2011-2014, vernon adams.MuliRegularNeWT : Muli : 25-2-2014MuliVersi\012- data
Hash df7330254513d2fa2f4c1e9ee98cc6c6
aa2edf77d86fff82790b846917772837828e4902
45acbaae00fb0cfa8413b582cd4c0dad9653c78a051a7215205079ccc7c7e233
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/fonts/Muli.ttf HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/octet-stream
Content-Length: 49008
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:28 GMT
ETag: "4265b97ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TWm8rLK89OwoFKRghgcWxf8rKZbcFdTBgnRSwawxgoQHCRt0G%2F3%2Bodw3bsLSCbjt5LHCfXJevFCM3f7yvZ449bJ1wwcvNfQiTLIJi3yj4dj0oCk9yGPl5FgqkEN09Qs2hczl13CJ1t8e%2FlnHj90%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed99f82f4082-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/hyFzKmx/member-exo.png
162.19.58.161 200 OK 22 kB URL HTTP/2 i.ibb.co/hyFzKmx/member-exo.png
IP 162.19.58.161:0
File type PNG image data, 209 x 209, 8-bit/color RGBA, non-interlaced\012- data
Hash 5603877bb392ba13bd0d21745961a4be
e7a426f7fbf0713a68ff6b6080056e6321c7d1f5
f6062167fc1ee8874a90b95158e70a64c838fb7ca9b242d1c4f4e71b7ca1e1bc
GET /hyFzKmx/member-exo.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/png
content-length: 21618
last-modified: Thu, 01 Sep 2022 12:03:56 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/feedback2.png
149.28.159.163 200 OK 1.2 kB URL HTTP/1.1 149.28.159.163/assets/img/feedback2.png
IP 149.28.159.163:0
File type PNG image data, 206 x 32, 8-bit colormap, non-interlaced\012- data
Hash 76fa4b2588a14d5e8c62f70f7263d62d
8f2510f7d96cf7a1756ff8dbcafc248bcafb31e1
639775068932c1b628a731e51f57a420b6006929bf08058d1dd628b2b0aa1e51
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/feedback2.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: image/png
Content-Length: 1180
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:45 GMT
ETag: "a5ffe988e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6955
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SC%2BEGXdfab%2BPSVApRIFqrJAgQCd0YfQJ0vXGboBIHtgNJnRtiwsknsoWXWd7dcD8AKy8HH55%2FF6db4VhPHt%2BDBzU8Dm7zcaUG29nV2HE%2BaL6ifxsCNcxmnvRmgocGsT4vGk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9b18e0a08f-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/images/nomor/bl/10,6.png
149.28.159.163 404 Not Found 1.2 kB URL HTTP/1.1 149.28.159.163/images/nomor/bl/10,6.png
IP 149.28.159.163:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/bl/10,6.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pUtXegKwd7c%2BfmbOdqkfjlF8OWL8qmb%2Fw2MzBncL%2F9pBkuhgjn2zm%2B%2BtaYuV0YCXLsXsywxRAnAk6XWWsFJzahkcN8FhLWPsZ6k6KwPMid9thWGP%2FZIWOs8ympE%2FV0%2FPPBcLoCa1NcyGjjtmOS0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9b1a0a409c-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/images/nomor/mp/korea.png
149.28.159.163 200 OK 648 B URL HTTP/1.1 149.28.159.163/images/nomor/mp/korea.png
IP 149.28.159.163:0
File type PNG image data, 35 x 35, 8-bit colormap, non-interlaced\012- data
Hash 48413b36b980f4954dcbac7d7d30a8f9
33b22a4482aded3fc636624328364d1e6a0e475a
8bb0dba2f00edba898fec17e9fc62c57f6e75439cc2af16ca500ad8b19b1aa35
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/mp/korea.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: image/png
Content-Length: 648
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:58 GMT
ETag: "4b53f90e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3978
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jGdzhAu8yE4m8uCVLWLXXbgnrnrb9gHT5P%2FqaezK85fohR6IjbXsur5RNB%2FLCr2BlyhpXb52lYOunoelSn6JyfiwwjHzywM8p%2BMcxyVxvOOT48jCFjKRwv0S7cAlMEjI235kfYhBQFjTx%2BAwWcU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9b3b463e47-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/images/nomor/dragon.png
149.28.159.163 200 OK 42 kB URL HTTP/1.1 149.28.159.163/images/nomor/dragon.png
IP 149.28.159.163:0
File type PNG image data, 500 x 500, 8-bit/color RGBA, interlaced\012- data
Hash 2aa0a2cd337aa7871afbd55a4201bd9c
ca40ca9b7b20700b75a4faab60a313fdbf58daab
c81081f93a53eb8d20c8c5f4d2be8edf8972faa2a5bdec02abc7b5e1c1baecfe
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/dragon.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: image/png
Content-Length: 41761
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:57 GMT
ETag: "c98d3890e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6989
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FWykrkPpQis0bUheDeWtcZLLQWHOVTWZShMu6zIhSgVz3aJgVW4SoDvTNcbMIPZpnSA9rJ24SCGlIIy%2Fxv2q4ADraQK43Zr614wA%2F%2Fq5jfCsm6vz8v74SC2mAc8rlgyBvtw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9b48d440bb-SIN
alt-svc: h2=":443"; ma=60
api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?license_id=14437305&client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&url=https%3A%2F%2F149.28.159.163%2F&channel_type=code&jsonp=__ihzmyufaib
23.36.79.8 200 OK 385 B URL HTTP/2 api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?license_id=14437305&client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&url=https%3A%2F%2F149.28.159.163%2F&channel_type=code&jsonp=__ihzmyufaib
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (385), with no line terminators
Hash 4ed95eb56ab73408aafe453792d7bb5f
352d59e63c7b32314f52423c5ac05ca548b76c25
27871146005359e98d917dd120b110eae3419f19133cdcb6211203845189a29b
GET /v3.6/customer/action/get_dynamic_configuration?license_id=14437305&client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&url=https%3A%2F%2F149.28.159.163%2F&channel_type=code&jsonp=__ihzmyufaib HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-security-policy: frame-ancestors https://149.28.159.163/;
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-frame-options: allow-from https://149.28.159.163/
content-length: 385
date: Thu, 23 Mar 2023 16:07:35 GMT
X-Firefox-Spdy: h2
i.postimg.cc/4Np20zcS/icon-web-exo-2.png
162.19.88.69 200 OK 17 kB URL HTTP/2 i.postimg.cc/4Np20zcS/icon-web-exo-2.png
IP 162.19.88.69:0
File type PNG image data, 209 x 209, 8-bit/color RGBA, non-interlaced\012- data
Hash 66757992eaa6b4420fb2ca9e02c37518
203f66225c110c99cbc29b2fe8241246738b2e19
9df79409da8b574cbfeee07aeb6da2caf0dd9d0f28c544d97deb5cc1628934ba
GET /4Np20zcS/icon-web-exo-2.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/png
content-length: 17396
last-modified: Sat, 24 Sep 2022 14:23:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/mZz5YxgR/icon-web-exo-4.png
162.19.88.69 200 OK 17 kB URL HTTP/2 i.postimg.cc/mZz5YxgR/icon-web-exo-4.png
IP 162.19.88.69:0
File type PNG image data, 208 x 209, 8-bit/color RGBA, non-interlaced\012- data
Hash 45f3ee143ea0aae3d86a4ae1333dc67d
197421df80f0d20d1be81d5ade197a20b6daac11
f3d1f896bb4558a4a6bfef2834e266155790886caae9e678096b5f5ee3d4a508
GET /mZz5YxgR/icon-web-exo-4.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/png
content-length: 17160
last-modified: Sat, 24 Sep 2022 14:23:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
149.28.159.163 200 OK 77 kB URL HTTP/1.1 149.28.159.163/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 149.28.159.163:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/font-awesome.min.css
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:34 GMT
Content-Type: application/font-woff2
Content-Length: 77160
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:28 GMT
ETag: "73c7bb7ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVVUDmAKKyJQ00f6MY%2BmJLH1bWKMfI8bqWL2JS5xi19tyG%2FSjkx5hJzPAyT9n2Iv5ekdUCd3%2BuOY4g3LtwA6bogw5I5jmrGnlJL6U3HmCed2rhR3HIcSvx2RO6UvZjgi4muhRGyWUw4CqmOvgMQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed99fdaf3d8d-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/images/nomor/2412d.png
149.28.159.163 200 OK 4.9 kB URL HTTP/1.1 149.28.159.163/images/nomor/2412d.png
IP 149.28.159.163:0
File type PNG image data, 280 x 60, 8-bit colormap, non-interlaced\012- data
Hash 795c2d98c525e72a974c48e5e7943fdb
cda33c6058e24a32e891e7ae6d53b8416633737f
ab49e9c1245a56dcfb0a687bbe3b442e86b49952d0561bed72125c8b5e08a6d2
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/2412d.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/game_compressed_ic.css?v=1679587650
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 4914
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:57 GMT
ETag: "cf12f90e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6996
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EoVDEmJ9sjpAXDm2ZKDm6dB3Mfb10Afaebz6UVb5T0OU0q3yOmcMpeBcpeARmPVvougXZlTDdDVDN43sNQxkoRHTkDOJYePgxmuhryDlNLTdrlvUETW7iVQUvDCxn8Qq8kM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9bcaf66be7-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/images/nomor/og/ogic.png
149.28.159.163 200 OK 5.5 kB URL HTTP/1.1 149.28.159.163/images/nomor/og/ogic.png
IP 149.28.159.163:0
File type PNG image data, 120 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 4aae6438a3a1ca9b73af64993f0aa4a9
c0e0f3486e884c165418a4b22410017b65098fa1
4efe8b026fe4c3f8ac81f9e4e649a10c58231a0a6229616883a7b5e4ea236a88
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/og/ogic.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/game_compressed_ic.css?v=1679587650
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 5493
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:58 GMT
ETag: "98754490e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6996
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XL5tZwEGGJdQwk5v4iDExXCst36hVXBBtCASsdqVVBNgZEjmu0FHGdKecZh2L%2Fe%2F1HPwnFonaG9D%2BIsQHc%2BhaqVLp9d12tdjLfbGzu5JWiejqD0fUrctp0VkcMjkPBjUd%2ByZxNH4RlbQgKiYR0Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9cdba84018-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/images/nomor/dicesd.png
149.28.159.163 200 OK 1.7 kB URL HTTP/1.1 149.28.159.163/images/nomor/dicesd.png
IP 149.28.159.163:0
File type PNG image data, 90 x 15, 8-bit colormap, non-interlaced\012- data
Hash 836d4850a6eb70dc3ecd48d6b4d0cad4
d0b181430aedfe433213a3e500f0ffb5746c66ce
41649a0f9bbb882403b4228b444cd868cc815eaeddeffd56874dfec6b0a66e2b
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/dicesd.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/game_compressed_ic.css?v=1679587650
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 1668
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:57 GMT
ETag: "c98d3890e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1097
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yplv%2BuV0rZqgWWhGiSbRAsu5YJfQKhN9153QfvjCh23VFtqMr7jVXLT4mBKTD2WvuBFg5%2BOH49YrQ%2B9jAr9ejM2nIk7DAyU4qTf9EAw8aoipnQMybPxMSPu77EAwEBMknyJaRSZRN8EyXzg8Pkg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9cecdf4c95-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/images/nomor/gb/gbpic.png
149.28.159.163 200 OK 7.8 kB URL HTTP/1.1 149.28.159.163/images/nomor/gb/gbpic.png
IP 149.28.159.163:0
File type PNG image data, 260 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash e6bb0ad7230d88d7ab6c73b5f51d9485
612a5afa140d86c5bd7de81b1432f8444c6f5a82
17fab5007232d6eeba86c60bdb778f82cdb0ceb6005dffe1e28e853621f3cebd
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/gb/gbpic.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/game_compressed_ic.css?v=1679587650
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 7755
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:57 GMT
ETag: "c98d3890e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cxVhGnhzke%2BDxZ6HXSbeu%2BIfopP4tcHGapecPJVxNwAVRMFajWL4t0fXsU65Io6CFXkU8IHD0Nkk%2BdfuTAdiyE6nXeHgjf8rf%2Br2YNhZojIzQC9lVGsA8yJ6VAJkEKsNXVg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9ceeaba12c-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/images/nomor/ht/htic.png
149.28.159.163 200 OK 1.5 kB URL HTTP/1.1 149.28.159.163/images/nomor/ht/htic.png
IP 149.28.159.163:0
File type PNG image data, 40 x 20, 8-bit colormap, non-interlaced\012- data
Hash aedda6ef7fd1e787b7f77ad996bd47d1
15d81d48a70f41df0340846408503e96199ff0e6
dd31f66e1eb73b77d24f9140ca36e0070dcc677076688448dcc0b05002fbb18d
Analyzer Verdict Alert quad9 Sinkholed
GET /images/nomor/ht/htic.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/assets/css/game_compressed_ic.css?v=1679587650
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 1540
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:57 GMT
ETag: "61ee3a90e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3972
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ouw%2Fu4AghMw9Lvmgl7yz77z5WPm1zsX8ur8qT6sIsZO%2F084t3eMQY%2F%2FdAAtsRIuwZDSGXMH%2FdJouuai%2FquQncHI0KADW0xEkzhX%2BzyP4rSuXGIfUvOIjL09314bxH5q05kI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9d0d704937-SIN
alt-svc: h2=":443"; ma=60
api.livechatinc.com/v3.4/customer/action/get_configuration?organization_id=90c7d184-34de-4d3d-b110-d4e359ddb525&version=240.1.1.195.34.30.1.1.1.1.1.5.290&group_id=0&jsonp=__lc_static_config
23.36.79.8 200 OK 2.0 kB URL HTTP/2 api.livechatinc.com/v3.4/customer/action/get_configuration?organization_id=90c7d184-34de-4d3d-b110-d4e359ddb525&version=240.1.1.195.34.30.1.1.1.1.1.5.290&group_id=0&jsonp=__lc_static_config
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (5367), with no line terminators
Hash 84a349e851580399bf9d7663e76e4b39
241dd64e9a5c85792e66809be656c1836c6d0032
42f22665117a8bd2d06e2a7f9bcb3577e40a03232b33b8dae45f2257c2c264d0
GET /v3.4/customer/action/get_configuration?organization_id=90c7d184-34de-4d3d-b110-d4e359ddb525&version=240.1.1.195.34.30.1.1.1.1.1.5.290&group_id=0&jsonp=__lc_static_config HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
content-type: application/javascript; charset=UTF-8
legacy: 2024-05-31
vary: Accept-Encoding
content-length: 1961
cache-control: public, max-age=600
expires: Thu, 23 Mar 2023 16:17:35 GMT
date: Thu, 23 Mar 2023 16:07:35 GMT
X-Firefox-Spdy: h2
img.greatlink.click/uploads/641519032_slider%20ramadhan%20EXO.png
66.29.132.119 200 OK 349 kB URL HTTP/2 img.greatlink.click/uploads/641519032_slider%20ramadhan%20EXO.png
IP 66.29.132.119:0
File type PNG image data, 839 x 472, 8-bit/color RGBA, non-interlaced\012- data
Size 349 kB (348569 bytes)
Hash a0e03c3a4bb5567b5fa16376864247a8
b033034fe6897a2e7fdfe4c3fcb6636b33f68c29
92c6e850087c5122b773274c08c5e6951fe87c8ee8ca39794ac5fea224ca5cf3
GET /uploads/641519032_slider%20ramadhan%20EXO.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:33 GMT
content-type: image/png
last-modified: Thu, 23 Mar 2023 11:14:11 GMT
accept-ranges: bytes
content-length: 348569
date: Thu, 23 Mar 2023 16:07:33 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
img.greatlink.click/uploads/979323270_slider%20ramadhan%20lomba%20design%20EXO.png
66.29.132.119 200 OK 396 kB URL HTTP/2 img.greatlink.click/uploads/979323270_slider%20ramadhan%20lomba%20design%20EXO.png
IP 66.29.132.119:0
File type PNG image data, 839 x 472, 8-bit/color RGBA, non-interlaced\012- data
Size 396 kB (395516 bytes)
Hash 7bddb5e372bf69350a8ee0827c5ca98f
5706ed2147e53ffc973fbc9a733f430ad4bbb9e3
6c1fb44e63ceeb2383eb65313b9c7d21c048d373120c623e0763cabec1d1593d
GET /uploads/979323270_slider%20ramadhan%20lomba%20design%20EXO.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:33 GMT
content-type: image/png
last-modified: Thu, 23 Mar 2023 13:35:06 GMT
accept-ranges: bytes
content-length: 395516
date: Thu, 23 Mar 2023 16:07:33 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
149.28.159.163/assets/img/bca.png
149.28.159.163 200 OK 1.1 kB URL HTTP/1.1 149.28.159.163/assets/img/bca.png
IP 149.28.159.163:0
File type PNG image data, 78 x 24, 8-bit colormap, non-interlaced\012- data
Hash 6acd78d945803ba574275cb83b5e4981
e2705a9ac3be32cc594bf8ebe29da30c46cb2013
b60a19eb59f86325af0f4c3e4736e6ed7f3ecc1cadd6efe316e90ae7a75f0ce7
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/bca.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 1086
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:43 GMT
ETag: "6fe98d87e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2773
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9XXBDSD1u4uG7T5QKBlVWTOWXSYhkc3EwB35vLRJvV0tnWW%2FS25P0PGwaBWKStw9PPHZtQ1o4uWuLDxsuROQppnnjhHG0aQwYw2NTOPulo%2FLEcfi%2FDpHAue977nS8DBgtA8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9dac714082-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/bni.png
149.28.159.163 200 OK 1.2 kB URL HTTP/1.1 149.28.159.163/assets/img/bni.png
IP 149.28.159.163:0
File type PNG image data, 80 x 24, 8-bit colormap, non-interlaced\012- data
Hash f4d6f0960f58c75167c9add1bba9ab55
6a1f672e0cb1261eb33ca01cddd7a4ec4342529a
50afebd206f7b1ef8fcf1d4dff496412a08518bc068319f97465908441cd4041
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/bni.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 1242
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:43 GMT
ETag: "972b687e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2883
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2FA90Wk4V9sgI%2BkpSCOI2YugNdkgMLvidKgif%2BwT8p%2FpOPxVkB1e53joNAg8XaVrMpj5gOGY2JmWXcfYMmdwG7AOmo9F1vS2%2Fr9OgSn1dX9GA4DzCN3f346aNPeRzrNuO5k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9dab479f9b-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/rG6rqzG/TOTOMACAU.jpg
162.19.58.161 200 OK 304 kB URL HTTP/2 i.ibb.co/rG6rqzG/TOTOMACAU.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:33:17], baseline, precision 8, 600x586, components 3\012- data
Size 304 kB (304360 bytes)
Hash 7aa70c2274500cefd99edf37569c95d4
49265950b7889c2e4f6b45614854db974a8aebce
9213e1f52291f484e16b4f1141792d0fad38098ce13146a3ee1dd13cfce3bfc0
GET /rG6rqzG/TOTOMACAU.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 304360
last-modified: Mon, 22 Aug 2022 15:12:51 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/Gx279nq/VIETNAM.jpg
162.19.58.161 200 OK 294 kB URL HTTP/2 i.ibb.co/Gx279nq/VIETNAM.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:24:11], baseline, precision 8, 600x586, components 3\012- data
Size 294 kB (294183 bytes)
Hash b1e226c0d4095fc9f869f70d5257f4c8
5bd90c2f6caaaff1d51aed93d749b30e52e84984
efa16c7285b121843fe6edb2a0d4b007a56d783163415332cdfcc034d3e7a8f1
GET /Gx279nq/VIETNAM.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 294183
last-modified: Mon, 22 Aug 2022 15:12:51 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
img.greatlink.click/uploads/54718378_slider%20ramadhan%20slot%20exo%20EXO.png
66.29.132.119 200 OK 457 kB URL HTTP/2 img.greatlink.click/uploads/54718378_slider%20ramadhan%20slot%20exo%20EXO.png
IP 66.29.132.119:0
File type PNG image data, 839 x 472, 8-bit/color RGBA, non-interlaced\012- data
Size 457 kB (457120 bytes)
Hash 4ce6e51ebb8533aefb70b6da544b83d9
5f8955db747c558d7fc552af46661fd2bca26add
02235713d322a8aca2cbb6bcfdf92ffdfa674a893a387a4baaf6278dc9cb2bda
GET /uploads/54718378_slider%20ramadhan%20slot%20exo%20EXO.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:33 GMT
content-type: image/png
last-modified: Thu, 23 Mar 2023 13:34:16 GMT
accept-ranges: bytes
content-length: 457120
date: Thu, 23 Mar 2023 16:07:33 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
i.ibb.co/Cz55xHw/SINGAPORE.jpg
162.19.58.161 200 OK 300 kB URL HTTP/2 i.ibb.co/Cz55xHw/SINGAPORE.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:04:27 DIY-Thermocam raw data\012- (Lepton 2.x), scale -6912-0, spot sensor temperature 0.000000, unit celsius, color scheme 1, calibration: offset 4754540834632868954551630168064.000000, slope 4100876544.000000], baseline, precision 8, 600x586, components 3\012- data
Size 300 kB (299931 bytes)
Hash 52ec7ca9397fe8dc3d16e2200f520b5c
a2ea5db4350b18aa8391a3129a71b0ae471ade56
d2a8a0448ad88c9849776cad422413b718a2c3a086b15b2ee463499cd9e1869e
GET /Cz55xHw/SINGAPORE.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 299931
last-modified: Mon, 22 Aug 2022 15:12:48 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/8zKN4yqZ/dana-on.gif
162.19.88.69 200 OK 190 kB URL HTTP/2 i.postimg.cc/8zKN4yqZ/dana-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 190 kB (190066 bytes)
Hash b5d168c2ad10ee23eb84b754955a05c3
d71f34079c812a6c7a75c9604c812be3e161bbd2
8dbfefc89892e8c7cedd1e48cb69d72f43a89ff725407667fb7f03ea3cd84d53
GET /8zKN4yqZ/dana-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 190066
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
img.greatlink.click/uploads/2071080615_slider%20ramadhan%20togel%20terbesar%20EXO.png
66.29.132.119 200 OK 454 kB URL HTTP/2 img.greatlink.click/uploads/2071080615_slider%20ramadhan%20togel%20terbesar%20EXO.png
IP 66.29.132.119:0
File type PNG image data, 839 x 472, 8-bit/color RGBA, non-interlaced\012- data
Size 454 kB (454330 bytes)
Hash ac6886cf6d08882f76637e94908f64da
632777c0b3d7dce8f55f0d175626954efe9b58ae
dc5714037e6f91e4ce2e5ee129d52fb74ed96a172139b25d03a16a6f7ab772ed
GET /uploads/2071080615_slider%20ramadhan%20togel%20terbesar%20EXO.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:33 GMT
content-type: image/png
last-modified: Thu, 23 Mar 2023 13:34:43 GMT
accept-ranges: bytes
content-length: 454330
date: Thu, 23 Mar 2023 16:07:33 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
img.greatlink.click/uploads/663210040_slider%20ramadhan%20promo%20terbesar%20EXO.png
66.29.132.119 200 OK 499 kB URL HTTP/2 img.greatlink.click/uploads/663210040_slider%20ramadhan%20promo%20terbesar%20EXO.png
IP 66.29.132.119:0
File type PNG image data, 839 x 472, 8-bit/color RGBA, non-interlaced\012- data
Size 499 kB (498761 bytes)
Hash a67afac44ac69b9708252eefe1f1fc27
7784ee6e1927046ce47a1699a2896f7d12ef2e24
174853c680bd7d8231c2841aac794164df531499438e1082274457dc9a9532b9
GET /uploads/663210040_slider%20ramadhan%20promo%20terbesar%20EXO.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:33 GMT
content-type: image/png
last-modified: Thu, 23 Mar 2023 13:34:00 GMT
accept-ranges: bytes
content-length: 498761
date: Thu, 23 Mar 2023 16:07:33 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
api.livechatinc.com/v3.4/customer/action/get_localization?organization_id=90c7d184-34de-4d3d-b110-d4e359ddb525&version=13159fb2ee05429e3ae48a4031b3d0e0_0d123dd18d7ceb18375d3ac32ee2aff9&language=id&group_id=0&jsonp=__lc_localization
23.36.79.8 200 OK 4.1 kB URL HTTP/2 api.livechatinc.com/v3.4/customer/action/get_localization?organization_id=90c7d184-34de-4d3d-b110-d4e359ddb525&version=13159fb2ee05429e3ae48a4031b3d0e0_0d123dd18d7ceb18375d3ac32ee2aff9&language=id&group_id=0&jsonp=__lc_localization
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (11696), with no line terminators
Hash 85c01cacfd9261319fa3cc76e62c5932
d6e8b10fc321709d4c00e719a47d668f02287a3f
35b5542a0f84876f5e0b39b730bd44168d8881ee59d0a7b40ebde3f90c805425
GET /v3.4/customer/action/get_localization?organization_id=90c7d184-34de-4d3d-b110-d4e359ddb525&version=13159fb2ee05429e3ae48a4031b3d0e0_0d123dd18d7ceb18375d3ac32ee2aff9&language=id&group_id=0&jsonp=__lc_localization HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
content-type: application/javascript; charset=UTF-8
legacy: 2024-05-31
vary: Accept-Encoding
cache-control: public, max-age=600
expires: Thu, 23 Mar 2023 16:17:35 GMT
date: Thu, 23 Mar 2023 16:07:35 GMT
content-length: 4130
X-Firefox-Spdy: h2
149.28.159.163/assets/img/bri.png
149.28.159.163 200 OK 1.0 kB URL HTTP/1.1 149.28.159.163/assets/img/bri.png
IP 149.28.159.163:0
File type PNG image data, 85 x 21, 8-bit colormap, non-interlaced\012- data
Hash 6dc0d7a52a5bbb2bbf4fa766d445632a
5f3bf4eeb2065a5ada283143a629b5b6126350e5
5cac9c4ea7470f69937f3e0c66643af243f022ba1d0d1b92ea0b891be8d3e708
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/bri.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 1040
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:43 GMT
ETag: "16f8bf87e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2773
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZFPIHB8Z3E3HA7fJOcxLD1%2FPSXp4oQkNUCLrh97zy4Zg%2B%2FozLZmx5xFR1oLum7EUzlR2vdyl1zLFzIjNLjx8gLymirG5hlVp7G%2F28NNcL7x2868fEE14xJsRxpTbkPWFvzA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9e8d1d3f53-SIN
alt-svc: h2=":443"; ma=60
i.postimg.cc/3wk7cXhY/mandiri-on.gif
162.19.88.69 200 OK 191 kB URL HTTP/2 i.postimg.cc/3wk7cXhY/mandiri-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 191 kB (191291 bytes)
Hash a0f9422649c52917d1d5cd784ef7cf32
d81a6313a049b6fc91189997657f4b523926da7b
626363a445e0a2c59d15e93005caba321080f8337f2a39ecb2a53aae2d445d7e
GET /3wk7cXhY/mandiri-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 191291
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
secure.livechatinc.com/customer/action/open_chat?license_id=14437305&group=0&embedded=1&widget_version=3&unique_groups=0
23.36.79.8 200 OK 2.6 kB URL HTTP/2 secure.livechatinc.com/customer/action/open_chat?license_id=14437305&group=0&embedded=1&widget_version=3&unique_groups=0
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8824), with no line terminators
Hash 0fa67c2edb3d404fbb15d383b079eedf
43d8626b6e24dff3cf937cc4143c10049acaf352
072e11771425c25df2301aea4faf826eb985eabc76ca8e3854f2daa32429fdcd
GET /customer/action/open_chat?license_id=14437305&group=0&embedded=1&widget_version=3&unique_groups=0 HTTP/1.1
Host: secure.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
content-type: text/html; charset=utf-8
vary: Accept-Encoding
date: Thu, 23 Mar 2023 16:07:35 GMT
content-length: 2559
X-Firefox-Spdy: h2
149.28.159.163/assets/img/BSI.png
149.28.159.163 200 OK 3.2 kB URL HTTP/1.1 149.28.159.163/assets/img/BSI.png
IP 149.28.159.163:0
File type PNG image data, 78 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash b9c3e552b73597c4da15f8bf94d0c779
9b4e961540c7f03124ecabbb629fde69dec0dc98
1f1c5a88de516b2fd7d8fdc290a43689f552ce09d4bbbf2ab3f1394ac064451b
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/BSI.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 3185
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:28 GMT
ETag: "9728be7ee83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2883
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k45lrPADSmq7HMpRnI51MQRfhTYBQKSWrGYr0rhufrnAFteILuqA56VHfYZBBB0ZbIdMfr2xG0zegGpSRCL1rK9H45DPI%2FfphBI%2FY4zD41M%2F3H2c7U3cZJkOQSJxOCpCd1%2Bg0yKpC4ebBcdFEic%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9e9dee48d6-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/cimb-2.png
149.28.159.163 200 OK 3.5 kB URL HTTP/1.1 149.28.159.163/assets/img/cimb-2.png
IP 149.28.159.163:0
File type PNG image data, 120 x 27, 8-bit/color RGBA, interlaced\012- data
Hash c59dcfcb25ac64400ed6d28d8e6cc72c
028cf386833745767a1cec2c0fd8160ed72637af
e843982adc5371fe5bc20086c561913b1fde00fbca1249427161f31ef653c017
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/cimb-2.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 3503
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:44 GMT
ETag: "b5e2988e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6940
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qy7X%2FVnYM%2BQ8ItM18yERLzJRNnex3mUEd%2B1FCxVcOmR3dQSX%2Bj%2B6CTqrisVaO8riPoIB928TxBey8Vy6xa%2Frz0%2BmRPkHduSns27YNXb1OLJJAAKVwRBz6Mr%2FdbEbSm7bsO2xlW3Rmvo3uUOl8r8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9e9cff9f71-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/F0GBSdp/SHIO-FIGHTS.jpg
162.19.58.161 200 OK 206 kB URL HTTP/2 i.ibb.co/F0GBSdp/SHIO-FIGHTS.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:32:15], progressive, precision 8, 600x586, components 3\012- data
Size 206 kB (205597 bytes)
Hash 9a88af237a4ea8310e8a8ccb8d7e4612
3a9541a47c33b598ce8cc71dcb3c79f106568bb4
f4ee043286deaeef7d03f97bfd030cc8a5b62d7dbad846e7b9e00adbc2b020bd
GET /F0GBSdp/SHIO-FIGHTS.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 205597
last-modified: Sun, 28 Aug 2022 09:46:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/jdhsw-qv0/maybank-on.gif
162.19.88.69 200 OK 191 kB URL HTTP/2 i.postimg.cc/jdhsw-qv0/maybank-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 191 kB (191418 bytes)
Hash 6ddfd8e43f4cccd6bc41a251f4a13df1
eec937d2166af8d9c9537adccc02c135971327cc
7646c6732c2ef94048c9b012b4ec7e0f3eb4b11ea3b40f07e65f8c447f1acef2
GET /jdhsw-qv0/maybank-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 191418
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/dana.png
149.28.159.163 200 OK 2.2 kB URL HTTP/1.1 149.28.159.163/assets/img/dana.png
IP 149.28.159.163:0
File type PNG image data, 89 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash d4c86054bef770accb247693dce1184d
215ae0206849177269831f7b9e433794b2ef80ea
eb6f10f5452fd08234a524d21df41a6b9be1466c0c3acd39017951cd4122a3cf
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/dana.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 2233
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:44 GMT
ETag: "15dc4788e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=92RzTmL8lI7zD2ZOLkXaem%2BvyU5BEitla9J9HvfnfzJwIE9MELL9e5irr%2FZuSF4e5MtFsMsWprXcwpwYqWKmd%2FmK5xmM8dKE3sCUA417vZva%2BV3wmBmNOSTOwLO9mV6dz%2Bs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9ebccfa08d-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/jZQB1MD/POKERDICE.jpg
162.19.58.161 200 OK 232 kB URL HTTP/2 i.ibb.co/jZQB1MD/POKERDICE.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:01:45], progressive, precision 8, 600x586, components 3\012- data
Size 232 kB (232258 bytes)
Hash 9fae6cd4a002d0fdd33e7918d1d7694e
fe3ff54b77e16e283d823ecdc7ddbab0512e0e68
57244556e5c3b384a6e3bff8f61881ac00017693d66b16944882e36c4f435515
GET /jZQB1MD/POKERDICE.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 232258
last-modified: Sun, 28 Aug 2022 09:46:24 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/MpKzykrc/gopay-on.gif
162.19.88.69 200 OK 184 kB URL HTTP/2 i.postimg.cc/MpKzykrc/gopay-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 184 kB (183978 bytes)
Hash 60f4d0a79a45d24bfd060e64722c48a7
c6e4c649c7003963d28c361904e4efc82aa47365
9aeb7ae4d515eb5c67e2a7b7d2b31d22f09d9f00844836ae71893bd47c9c9e9d
GET /MpKzykrc/gopay-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 183978
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/sWJWmsG/HONGKONG.jpg
162.19.58.161 200 OK 299 kB URL HTTP/2 i.ibb.co/sWJWmsG/HONGKONG.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:00:37], baseline, precision 8, 600x586, components 3\012- data
Size 299 kB (298671 bytes)
Hash bc729e5f07651f1f6fccb67d1d4bc9f2
2b625d09635e52a71097c6833d0c6c0a75b1dcfd
cc8b90df392e4154a76378e1b55f8bca8a418269d5d653d351eed3ee67cf360d
GET /sWJWmsG/HONGKONG.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 298671
last-modified: Mon, 22 Aug 2022 15:12:42 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/xCHQ09qZ/link-aja-on.gif
162.19.88.69 200 OK 185 kB URL HTTP/2 i.postimg.cc/xCHQ09qZ/link-aja-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 185 kB (184908 bytes)
Hash 1e0ec5d9b4bb9b3c059d4548ca2937b1
3bf76b848107999945d7630df7ba202afdf7baaf
aeaeb24f490afbe7b3db551ad35fa605e2ddefa3e05566afb43286b9a674bee4
GET /xCHQ09qZ/link-aja-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 184908
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.livechatinc.com/widget/static/js/0.f3afd98f.chunk.js
23.36.79.8 200 OK 15 kB URL HTTP/2 cdn.livechatinc.com/widget/static/js/0.f3afd98f.chunk.js
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (47599), with no line terminators
Hash f09d9b5065aab8825dd08d7913bae1f5
5deb1be8e9fc6f8ccadba10260fcf6cb16e75c0f
87b0af1eec5c6e8932a90445802bc65cda56d58ce4a61c2d8acfa8391884db11
GET /widget/static/js/0.f3afd98f.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 01 Mar 2023 11:00:20 GMT
etag: W/"8b6c1a603bccc6a1e3b59ff3aace75e9"
x-amz-server-side-encryption: AES256
x-amz-version-id: h2cmWK2hBRFGAcYHe5iF9o0zzYpsb.No
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: Bw2IzZOyr_49K9oRG13FInrJKTBymZV69Cv1jf8Jl85RWWz2ol11cw==
content-length: 14942
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:35 GMT
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.livechatinc.com/widget/static/js/1.56ff3dd7.chunk.js
23.36.79.8 200 OK 70 kB URL HTTP/2 cdn.livechatinc.com/widget/static/js/1.56ff3dd7.chunk.js
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65462)
Hash d4a6c6921f876cd2f488f71c9c6cf75d
1d7ad268a3d997ea733358fb2a59bc1c63237228
a902ad487c258a2f2ca559f0c4f3cf540927d525ed75e733ff855569801839b7
GET /widget/static/js/1.56ff3dd7.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Mar 2023 09:29:10 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: xiuRP9ngsNjNTs9HmKs.2KjQwzL8hteR
server: AmazonS3
content-encoding: gzip
etag: W/"82d0dc19c8413c5682ac79122698124f"
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: CdeUDrwJhMzOI4nYbmPlxOXPpzrzyz1VhvzblrTE0EQ6BtVlzVQNoQ==
content-length: 69875
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:35 GMT
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
i.ibb.co/t3bc47n/NIUNIU.jpg
162.19.58.161 200 OK 240 kB URL HTTP/2 i.ibb.co/t3bc47n/NIUNIU.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:19:57], progressive, precision 8, 600x586, components 3\012- data
Size 240 kB (239810 bytes)
Hash bd8046fb64be772dbbcd7d83c3c71616
e5f05efda9041769ac75cdc3454eb58e37e53941
42287d73d6555af13fd3e1fbff1e98e11adfadb3021b29addbfd7b517ecdd703
GET /t3bc47n/NIUNIU.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 239810
last-modified: Sun, 28 Aug 2022 09:46:23 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/MHm8Qt7b/bri-on.gif
162.19.88.69 200 OK 180 kB URL HTTP/2 i.postimg.cc/MHm8Qt7b/bri-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 180 kB (180538 bytes)
Hash 16a140d899a72b53373a2d8f635e9ab1
9c769a8b171713949d39ee4747618978c2fba354
58e75401b8dd58b47d2fe1d7792d8fe8e17f0e5dbac3b2076958585a9d3d2291
GET /MHm8Qt7b/bri-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 180538
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.livechatinc.com/widget/static/js/iframe.4a9c5b18.chunk.js
23.36.79.8 200 OK 206 kB URL HTTP/2 cdn.livechatinc.com/widget/static/js/iframe.4a9c5b18.chunk.js
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65457)
Size 206 kB (206377 bytes)
Hash 05d8428cb4791937c45b7c5e8d8f4774
e8e211707bc23304f0f9d28e5c11ad87aa1ed5e1
1517dacdf61ed5ff5edb0ae1d32f02677902e61eb1d540fc7b3117f94cbc876a
GET /widget/static/js/iframe.4a9c5b18.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 15 Mar 2023 09:03:45 GMT
etag: W/"ee1ee2e924d64b378d63f6a05a6ffdf0"
x-amz-server-side-encryption: AES256
x-amz-version-id: He6acq_HduuELcp3HP_QIcEBoA.Bhwcc
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 3z4Oe3XdOJxpBjTgq4ZgRaB47rN2hjOCjYjf5spGGsTzHGvLXdcUhg==
content-length: 206377
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:35 GMT
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
i.postimg.cc/YC9wv6hY/bca-on.gif
162.19.88.69 200 OK 178 kB URL HTTP/2 i.postimg.cc/YC9wv6hY/bca-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 178 kB (178178 bytes)
Hash ba12e457ae5feae540dc00ed0154fd23
51a469243d769b0b02cc97e7b4e7b83289c280c5
1d6f9adf6b71752a5dce35c48a0f467a1a004a01de0422debc12cef54f10d917
GET /YC9wv6hY/bca-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 178178
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.livechatinc.com/widget/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
23.36.79.8 200 OK 13 kB URL HTTP/2 cdn.livechatinc.com/widget/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 12852, version 1.0\012- data
Hash 3b5df7e947d77201eaf22f3dbdac08cc
21989ca07e4afe32d48982b816b8fac85ce3e668
4a46d61a9aed90cea010dbabcdb510b9ceff1b729a06b169cdbe142f66cbc86f
GET /widget/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2 HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure.livechatinc.com
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 12852
last-modified: Tue, 18 Oct 2022 07:22:37 GMT
etag: "3b5df7e947d77201eaf22f3dbdac08cc"
x-amz-version-id: 4jMtpmrTh3NU2il.eSSLRODO9UYgvJk9
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: HAM50-C2
x-amz-cf-id: KM8abeyaVeSEIxlLTJcUkoNH7_q4l1PlUQolOkL0_K8Ml-Hn8lULcg==
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:35 GMT
date: Thu, 23 Mar 2023 16:07:35 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
149.28.159.163/assets/img/GoPay.png
149.28.159.163 200 OK 4.0 kB URL HTTP/1.1 149.28.159.163/assets/img/GoPay.png
IP 149.28.159.163:0
File type PNG image data, 86 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 50248070ce64c8360a5576e782f23e68
a14710eec9377c1200f0af4f13c2518e0d15fcc8
c1e6c3f3fa6029282b8d718f2088fd4dfd5ea272fcb63bc37f95e66df9918df2
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/GoPay.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 4046
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:46 GMT
ETag: "b0fc6589e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1097
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=obN6rRmWX1QWRt3%2FZHSOsoCrYDdvAadI8zQz5z9gRHiXbO2u8vvCQ6kZGMXjTfPN1Pd30xi3GuCHm3tTYOLBvweqKz1%2FVW%2BwqB4A6Ld8WD4cY6Zv5w%2FqcV%2BnIeULsyX%2FSeQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9f786a3db7-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/danamon.png
149.28.159.163 200 OK 897 B URL HTTP/1.1 149.28.159.163/assets/img/danamon.png
IP 149.28.159.163:0
File type PNG image data, 83 x 21, 8-bit colormap, non-interlaced\012- data
Hash 09c3d58d1975cda982b351344ed43da1
83c6e4c954bd431779cbc478472e3931c65f204e
3e911cbcd7f001af49b046d34bb7cc40c9b2e3ff280d0da498641c99a6509dfe
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/danamon.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 897
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:44 GMT
ETag: "15dc4788e83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jp%2ByR2NPvXMPXP6RH5%2B78lgWcvo753IPKZEhgxTlpyuWzOCqDsjr8JARfiGJQt7jpyE%2BAeoOzPZwFuWmPy%2F3DbPxUKxlxty4tc4fNSZf9gPVL6Of1VM9CVFGYWLvmbLUIJjnVZauDl54d%2BxU%2Fxw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7ed9f793891cb-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/8MtfqSg/TENNESSE.jpg
162.19.58.161 200 OK 263 kB URL HTTP/2 i.ibb.co/8MtfqSg/TENNESSE.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:11:21], progressive, precision 8, 600x586, components 3\012- data
Size 263 kB (263193 bytes)
Hash f9e3b07afdf3d5f07afb36438c691235
78bce8ae5cce1af63d97127861d4edf9d12d3872
f2da507d9f722af8dce32b8d6acc0faadb47386ac3caff85029dcd32bee631ca
GET /8MtfqSg/TENNESSE.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 263193
last-modified: Mon, 22 Aug 2022 15:12:50 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/zDKDNFgf/ovo-on.gif
162.19.88.69 200 OK 184 kB URL HTTP/2 i.postimg.cc/zDKDNFgf/ovo-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 184 kB (184078 bytes)
Hash df739b8bc053dc5df26091946eae9fbd
d261935417316b063201b0c66b07e13458b790ea
2382a27c62801d75b67311ea11b9b51ef21d78dd80bec7dc17ed9bacee973361
GET /zDKDNFgf/ovo-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 184078
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.livechatinc.com/widget/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
23.36.79.8 200 OK 13 kB URL HTTP/2 cdn.livechatinc.com/widget/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 12688, version 1.0\012- data
Hash d9f5998f47f6f22cb66e7dbf428c76ab
86b993baf91f867a03ea62e0d0adc9488530efaa
e94ba9c6df7a149b4b3c590bcc484ce24ce7c0f15c6f7f43479035a6311211d6
GET /widget/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2 HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure.livechatinc.com
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
content-length: 12688
last-modified: Tue, 18 Oct 2022 07:22:38 GMT
etag: "d9f5998f47f6f22cb66e7dbf428c76ab"
x-amz-version-id: msVoGOeEvv4rBAjmPT.bOOY9QhLnYq.K
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: HAM50-P2
x-amz-cf-id: X3prfpUvaSuujXUioKllfbrWJRSujJaRcEeTIItJqtcJgekTOM8gKw==
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:35 GMT
date: Thu, 23 Mar 2023 16:07:35 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
i.ibb.co/6YVyFgs/JEPANG.jpg
162.19.58.161 200 OK 293 kB URL HTTP/2 i.ibb.co/6YVyFgs/JEPANG.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:57:53], baseline, precision 8, 600x586, components 3\012- data
Size 293 kB (293145 bytes)
Hash f435f857a7a4dc5f7dd107058584c103
5939cf7dc1b4f32578592f96168c384296b83fd3
a382ed858dceff9166a91f8b274e7ff14b759bbc966605827ad17af71e84c027
GET /6YVyFgs/JEPANG.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 293145
last-modified: Mon, 22 Aug 2022 15:12:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/sDzjgGY4/permata-on.gif
162.19.88.69 200 OK 192 kB URL HTTP/2 i.postimg.cc/sDzjgGY4/permata-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 192 kB (191703 bytes)
Hash 4e93d910cf34b49355dda7db0a4a84a1
c4e0ff216bd4ddfd8e0c5d71d4bdd0557f4a660e
c9de6e92418695b80f12e26aee0a6bdee79e77be3ac433abe9a6d4ebe0865b00
GET /sDzjgGY4/permata-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 191703
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/S6DSfjZ/JAKARTA.jpg
162.19.58.161 200 OK 293 kB URL HTTP/2 i.ibb.co/S6DSfjZ/JAKARTA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:59:28], baseline, precision 8, 600x586, components 3\012- data
Size 293 kB (292582 bytes)
Hash 8e7f2a26873913d654f047ff8964746b
6a6f2faae303b4157ffc75873135ab1f00af90f6
9f1a1b55ff495ef95ce7b8e683d35dbf86d06f100a5bb09f679aa28c2a54b2da
GET /S6DSfjZ/JAKARTA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 292582
last-modified: Mon, 22 Aug 2022 15:12:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/x67Y2RX/CAROLINA.jpg
162.19.58.161 200 OK 297 kB URL HTTP/2 i.ibb.co/x67Y2RX/CAROLINA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:02:38], baseline, precision 8, 600x586, components 3\012- data
Size 297 kB (297159 bytes)
Hash 4d9303ef1fe97432a5a6eed5b44a0b74
72fabafed95bb9f079fdcc3e3a3d60043e5459b2
5857a4780ad2eebe6870aa68e089b59797eade32f36c1a0e52a9d610185120d9
GET /x67Y2RX/CAROLINA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 297159
last-modified: Mon, 22 Aug 2022 15:12:40 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/ZY8m2YGB/bni-on.gif
162.19.88.69 200 OK 180 kB URL HTTP/2 i.postimg.cc/ZY8m2YGB/bni-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 180 kB (180209 bytes)
Hash c90bba5ad6ba688213d78cd0519f4b4d
c9abbdc932b9fb2ddda9f48c6692327dd3a1dae7
38e61066f8fa16d6935b259ce66bb6e38ae5d762e3dd152590d8580a90ce27a8
GET /ZY8m2YGB/bni-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 180209
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
img.greatlink.click/uploads/538254962_PASARAN%20exo%20georgia%20NIGHT.png
66.29.132.119 200 OK 162 kB URL HTTP/2 img.greatlink.click/uploads/538254962_PASARAN%20exo%20georgia%20NIGHT.png
IP 66.29.132.119:0
File type PNG image data, 600 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 162 kB (162494 bytes)
Hash e94f0460416ec39dacdbdd6f480b85f9
9f08d927f17453776b2e0c5fa891d3dd0769fa7e
b297cb230c0c1ff0fc0145ce639092840e27dc8a429820a7bcb248d54fee409e
GET /uploads/538254962_PASARAN%20exo%20georgia%20NIGHT.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:35 GMT
content-type: image/png
last-modified: Thu, 09 Feb 2023 13:36:23 GMT
accept-ranges: bytes
content-length: 162494
date: Thu, 23 Mar 2023 16:07:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
i.ibb.co/RBSjD4t/CALIFORNIA.jpg
162.19.58.161 200 OK 301 kB URL HTTP/2 i.ibb.co/RBSjD4t/CALIFORNIA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:27:21], baseline, precision 8, 600x586, components 3\012- data
Size 301 kB (300980 bytes)
Hash 1b35a90253d409b64dcfe8f982b83b0f
35b6770eb71e4ec7c40ecd5c3f39b53474095d0e
e0468babf782e5fcbf0f78bdc6a545d689084743fef6a1e24b0b6d3ef81a4cd0
GET /RBSjD4t/CALIFORNIA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 300980
last-modified: Mon, 22 Aug 2022 15:12:40 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/Hs3gWZsT/cimb-on.gif
162.19.88.69 200 OK 188 kB URL HTTP/2 i.postimg.cc/Hs3gWZsT/cimb-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 188 kB (188319 bytes)
Hash 27cde9776306029954a007a5b607734f
bee382aacbf80dbaa5b365e212b961cb4b15d8c3
a67ac9ff2891a1f15cd1d171bc322f174f1c7d4313f1d9f3411959aa7a95f86f
GET /Hs3gWZsT/cimb-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 188319
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/mandiri.png
149.28.159.163 200 OK 1.1 kB URL HTTP/1.1 149.28.159.163/assets/img/mandiri.png
IP 149.28.159.163:0
File type PNG image data, 86 x 25, 8-bit colormap, non-interlaced\012- data
Hash d6370af97aa7f285493a9aecb3e33a42
9a52cc25ace828f731b8790593a2aef19a7b2d23
5e829a18cd9f27940b0bcfd8cbdc4395f368de18d89fd96bf09fcd5cf267a58a
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/mandiri.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 1127
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:50 GMT
ETag: "16c37f8be83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6978
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2B9amuTbONXh6BaznOKqyuqsMEf%2BEByyBPxAFhHamjaBYyQuDRbPFPWj3%2FFv%2BRLsgvuQg7bkFs9UnA5FnX6nK9I272EyNmC0GeAYvWT7tkO%2BIn5TRjZa23RWggJk%2B%2FiTpSY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda07ce04cc5-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/linkaja.png
149.28.159.163 200 OK 2.1 kB URL HTTP/1.1 149.28.159.163/assets/img/linkaja.png
IP 149.28.159.163:0
File type PNG image data, 89 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 2d5925ab422101ea8f19560ed06cc097
f749f359d92005a41ffce77b9a2d8c5888670f6c
7dfc635cc62e740491850e4bf48ecf3cf0cf21b248f9af8536abac4157156888
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/linkaja.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 2146
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:49 GMT
ETag: "bb2d68be83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1097
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ty%2BxDqu3%2F4NkL3RGOc2aFT19itdE9zAYd3jUjgk1m8Tcr9KIJ%2BERQfYZOAJ531obIfcYGgJRcMMiIPHMR1MPK3AdtFeK6fmZhuPvzOG6XfqqcBjbiiwWMcRp0LEWd7dM%2FY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda058504490-SIN
alt-svc: h2=":443"; ma=60
img.greatlink.click/uploads/788323510_PASARAN%20exo%20georgia%20eve.png
66.29.132.119 200 OK 163 kB URL HTTP/2 img.greatlink.click/uploads/788323510_PASARAN%20exo%20georgia%20eve.png
IP 66.29.132.119:0
File type PNG image data, 600 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 163 kB (162815 bytes)
Hash 3f14a1bb68d6a4e415ef454d4603694b
904377983e202529617af67548a0b05e113b9280
7e90d16dc62448689c714623f346b8ac0b53d23829b30405aae9ac9c737d932f
GET /uploads/788323510_PASARAN%20exo%20georgia%20eve.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:35 GMT
content-type: image/png
last-modified: Thu, 09 Feb 2023 13:35:59 GMT
accept-ranges: bytes
content-length: 162815
date: Thu, 23 Mar 2023 16:07:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
i.ibb.co/WzPj6Z5/SINGAPORE25.jpg
162.19.58.161 200 OK 302 kB URL HTTP/2 i.ibb.co/WzPj6Z5/SINGAPORE25.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:05:02], baseline, precision 8, 600x586, components 3\012- data
Size 302 kB (302166 bytes)
Hash c1bce07ecfdde4c20356e5a2867333a4
344e84aba62987987b96790d6a4ba962851aa357
f61affc11ae70c025d146db897380e8e1261aa4f71069ee40d8fb2e5953125bc
GET /WzPj6Z5/SINGAPORE25.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 302166
last-modified: Mon, 22 Aug 2022 15:12:49 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.postimg.cc/YSTkKv2g/danamon-on.gif
162.19.88.69 200 OK 191 kB URL HTTP/2 i.postimg.cc/YSTkKv2g/danamon-on.gif
IP 162.19.88.69:0
File type GIF image data, version 89a, 145 x 80\012- data
Size 191 kB (190638 bytes)
Hash b666a40535da3f955cc2527101711adc
750a1196f67d0eb34effb6c34f56e364b1d23606
7880faac488a81dfe4f13bef5b6b9667e53f600e681b0a20e21f0c37d4126fec
GET /YSTkKv2g/danamon-on.gif HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/gif
content-length: 190638
last-modified: Tue, 23 Aug 2022 05:25:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
img.greatlink.click/uploads/894662198_PASARAN%20exo%20georgia%20MID.png
66.29.132.119 200 OK 163 kB URL HTTP/2 img.greatlink.click/uploads/894662198_PASARAN%20exo%20georgia%20MID.png
IP 66.29.132.119:0
File type PNG image data, 600 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 163 kB (163082 bytes)
Hash 4c10e8f01cd495c56afc0d1ec53b99b6
df72066034b7e043bf8a5598195f24d6d186f131
360bf41d706ef3787cdcd6123a063bb13edd50661575f5acf6e30de89dfd2cc9
GET /uploads/894662198_PASARAN%20exo%20georgia%20MID.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:35 GMT
content-type: image/png
last-modified: Thu, 09 Feb 2023 13:36:13 GMT
accept-ranges: bytes
content-length: 163082
date: Thu, 23 Mar 2023 16:07:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
149.28.159.163/assets/img/maybank.png
149.28.159.163 200 OK 3.2 kB URL HTTP/1.1 149.28.159.163/assets/img/maybank.png
IP 149.28.159.163:0
File type PNG image data, 87 x 23, 8-bit/color RGBA, interlaced\012- data
Hash 9090309db1eed014753ae3b858b4084b
a697395e709e693789bd82b2130b3c2ad3a4aa48
09f4d88fdb291df0519ef0bf158f3308c71fe9a921e2cf11bf990bcf0b8380c0
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/maybank.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 3174
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:50 GMT
ETag: "16c37f8be83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egLzTSDQu37lPYgtkq%2Bbevaovy8Yw9QwR7C8EqGcptpKMnrFHPd60gj%2B9WRY6bNH18bbcl88RUXAfkfqCVp3NXpkIceWHtUJqh7oGONKHtoco4CwWvSlqKCgaOjnD52wIKqb2tIC6Yfg98Wm4l0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda079419fc2-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/ovo.png
149.28.159.163 200 OK 4.6 kB URL HTTP/1.1 149.28.159.163/assets/img/ovo.png
IP 149.28.159.163:0
File type PNG image data, 86 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 9a8ceefca77b6a4f356bf139e59065b7
fecb95c6ad2fddbcf2424b60a31503917c1cbc02
71dfe3342d07e446916111fed9de1724bdde56c963c1b2573b7ec643e9f26e50
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/ovo.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 4578
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:51 GMT
ETag: "aa47248ce83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2773
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TcNdO8xSETPEtPfbG5qH9dNJLGYm92tiM9xeS%2Bem4trh9Vm4kAgMVBaGKbjBiLk9OB56iYzkRK2l4Ofj7bmWll1BufZyURfO9FSUeOOFdfe53LaaKPRDpBRsBZt3cYj7FM1FfgBbrtcMJe9%2FPn4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda09e5e402f-SIN
alt-svc: h2=":443"; ma=60
img.greatlink.click/uploads/1617166041_PASARAN%20exo%20DELAWARE%20NIGHT.png
66.29.132.119 200 OK 161 kB URL HTTP/2 img.greatlink.click/uploads/1617166041_PASARAN%20exo%20DELAWARE%20NIGHT.png
IP 66.29.132.119:0
File type PNG image data, 600 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 161 kB (160914 bytes)
Hash 31ac3975673e7051e02c97dd8e366007
6eb53b7c6abacad86107d0486e5462f273ee9c85
1a88ca1a37b6f121885f8f9b287be96d4ec8408fa6daab08237716b467aff8cd
GET /uploads/1617166041_PASARAN%20exo%20DELAWARE%20NIGHT.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:35 GMT
content-type: image/png
last-modified: Thu, 09 Feb 2023 13:37:40 GMT
accept-ranges: bytes
content-length: 160914
date: Thu, 23 Mar 2023 16:07:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
i.ibb.co/GJ8cWWc/SYDNEY.jpg
162.19.58.161 200 OK 293 kB URL HTTP/2 i.ibb.co/GJ8cWWc/SYDNEY.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:53:58], baseline, precision 8, 600x586, components 3\012- data
Size 293 kB (293284 bytes)
Hash 28a0c79a7928319fe136120288e8d92e
ff56efa1fad616f8331832eeaf733c90e486677c
e8e8de1fb27498d0b62e8a8fee26b4b6ea7d597998b0274bd0ee034fe232a6df
GET /GJ8cWWc/SYDNEY.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 293284
last-modified: Mon, 22 Aug 2022 15:12:49 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
img.greatlink.click/uploads/1931609012_PASARAN%20exo%20WISCONSIN%20MIDDAY.png
66.29.132.119 200 OK 161 kB URL HTTP/2 img.greatlink.click/uploads/1931609012_PASARAN%20exo%20WISCONSIN%20MIDDAY.png
IP 66.29.132.119:0
File type PNG image data, 600 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 161 kB (161050 bytes)
Hash e940f81ee7d5f7e0f84cdf67439aeecc
9912572515d83b748a30121e07032eb393da901d
06dfced1a0021e488814e2158d9909af11a8df3dd1f1f9f32e5e74c5adf43277
GET /uploads/1931609012_PASARAN%20exo%20WISCONSIN%20MIDDAY.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:35 GMT
content-type: image/png
last-modified: Thu, 09 Feb 2023 13:38:04 GMT
accept-ranges: bytes
content-length: 161050
date: Thu, 23 Mar 2023 16:07:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
img.greatlink.click/uploads/565825600_PASARAN%20exo%20MARYLAND%20MIDDAY.png
66.29.132.119 200 OK 160 kB URL HTTP/2 img.greatlink.click/uploads/565825600_PASARAN%20exo%20MARYLAND%20MIDDAY.png
IP 66.29.132.119:0
File type PNG image data, 600 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 160 kB (160460 bytes)
Hash 4f3f97e06d8edd510a4471b0c0181484
d1d66d1c9ecacc076cce432b7675d9dd084c14ea
5bc5cb0b44f45912eda9fc66af7891473e015811be0362dff0bc103829ffd495
GET /uploads/565825600_PASARAN%20exo%20MARYLAND%20MIDDAY.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:35 GMT
content-type: image/png
last-modified: Thu, 09 Feb 2023 13:36:44 GMT
accept-ranges: bytes
content-length: 160460
date: Thu, 23 Mar 2023 16:07:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
i.im.ge/2023/03/22/DvMCyz.bg-ramadan-exo.jpg
176.97.192.107 200 OK 1.1 MB URL HTTP/2 i.im.ge/2023/03/22/DvMCyz.bg-ramadan-exo.jpg
IP 176.97.192.107:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 1920x1080, components 3\012- data
Size 1.1 MB (1098777 bytes)
Hash 35c393bd624507009d79dcbd8b3ca3cb
91ca6b9f051959b3b2942c3cc4c0a23c6243a804
f8290fd189037c2378ed385e6f9cfede4dc2eb220295454f62cbf552fccd26ab
GET /2023/03/22/DvMCyz.bg-ramadan-exo.jpg HTTP/1.1
Host: i.im.ge
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.22.0
date: Thu, 23 Mar 2023 16:07:34 GMT
content-type: image/jpeg
content-length: 1098777
accept-ranges: bytes
access-control-expose-headers: Content-Disposition
content-disposition: inline; filename="DvMCyz.bg-ramadan-exo.jpg"
etag: "35c393bd624507009d79dcbd8b3ca3cb"
last-modified: Wed, 22 Mar 2023 09:04:29 GMT
expires: Thu, 23 Mar 2023 17:07:34 GMT
cache-control: max-age=3600, public
age: 0
X-Firefox-Spdy: h2
i.ibb.co/YLmc0yc/BULLSEYE.jpg
162.19.58.161 200 OK 299 kB URL HTTP/2 i.ibb.co/YLmc0yc/BULLSEYE.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:03:29], baseline, precision 8, 600x586, components 3\012- data
Size 299 kB (298682 bytes)
Hash 1e192e71f968b76b6166e66ca5f831a2
e09ef6aa532f3aa60d95302665d2aee13db5ba18
3f3366620bdd8c1fdc8179b6f894c7829d4694d4908d60a8aaf181f99793e56c
GET /YLmc0yc/BULLSEYE.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 298682
last-modified: Mon, 22 Aug 2022 15:12:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
img.greatlink.click/uploads/2005918716_PASARAN%20exo%20RHODE%20ISLAND%20MIDDAY.png
66.29.132.119 200 OK 162 kB URL HTTP/2 img.greatlink.click/uploads/2005918716_PASARAN%20exo%20RHODE%20ISLAND%20MIDDAY.png
IP 66.29.132.119:0
File type PNG image data, 600 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 162 kB (161874 bytes)
Hash 31d2c62a8b7714ce9702e2c5ead824f4
f3cf9621131620b855e5bd91714239b0474a9ff7
ceb920061d15e82ba17d57734aba940e0ce8a42a49c9a9bcdb6beb3a278755cd
GET /uploads/2005918716_PASARAN%20exo%20RHODE%20ISLAND%20MIDDAY.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:35 GMT
content-type: image/png
last-modified: Thu, 09 Feb 2023 13:37:02 GMT
accept-ranges: bytes
content-length: 161874
date: Thu, 23 Mar 2023 16:07:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
img.greatlink.click/uploads/603763016_PASARAN%20exo%20DELAWARE%20DAY.png
66.29.132.119 200 OK 160 kB URL HTTP/2 img.greatlink.click/uploads/603763016_PASARAN%20exo%20DELAWARE%20DAY.png
IP 66.29.132.119:0
File type PNG image data, 600 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 160 kB (160226 bytes)
Hash e32876c5f4c2afcb85da6f951409c118
c9c9ac6962c41e03fe65f9190d5631b6c4acc089
b16b74e157550b1234e9c72e59237c6a88b27f10c2787e6cafc75194662eb5f5
GET /uploads/603763016_PASARAN%20exo%20DELAWARE%20DAY.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:35 GMT
content-type: image/png
last-modified: Thu, 09 Feb 2023 13:37:21 GMT
accept-ranges: bytes
content-length: 160226
date: Thu, 23 Mar 2023 16:07:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
img.greatlink.click/uploads/75491358_PASARAN%20exo%20MARYLAND%20EVENING.png
66.29.132.119 200 OK 161 kB URL HTTP/2 img.greatlink.click/uploads/75491358_PASARAN%20exo%20MARYLAND%20EVENING.png
IP 66.29.132.119:0
File type PNG image data, 600 x 586, 8-bit/color RGB, non-interlaced\012- data
Size 161 kB (161109 bytes)
Hash ec478d5a55a7a34a7632b266e559b125
7c6f813cc47aa425332b6b29ee4ea310b46bc5f4
54b9a49cef4e21f6ad1b9c2b4e4a0654177e59c3a276fcdd727bc2f278f9f9ae
GET /uploads/75491358_PASARAN%20exo%20MARYLAND%20EVENING.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:35 GMT
content-type: image/png
last-modified: Thu, 09 Feb 2023 13:36:34 GMT
accept-ranges: bytes
content-length: 161109
date: Thu, 23 Mar 2023 16:07:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
i.ibb.co/RPpZypD/ILLINOIS.jpg
162.19.58.161 200 OK 262 kB URL HTTP/2 i.ibb.co/RPpZypD/ILLINOIS.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:10:52], progressive, precision 8, 600x586, components 3\012- data
Size 262 kB (262058 bytes)
Hash 29bba4d4aee25d15f16bb54041b8738a
ce8657f7c878d52d38888da03aadef74ec9df445
02a8432f3dfae80a7d1839c2989e6446491e0fe6afb75af8a11909f5a397947f
GET /RPpZypD/ILLINOIS.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 262058
last-modified: Mon, 22 Aug 2022 15:12:42 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/C5KSMDH/TAIWAN.jpg
162.19.58.161 200 OK 262 kB URL HTTP/2 i.ibb.co/C5KSMDH/TAIWAN.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:08:09], progressive, precision 8, 600x586, components 3\012- data
Size 262 kB (261946 bytes)
Hash d0a51242fca088bab5d0b49c229b514f
d097a5c9b042089f68a0788fad4d5077c5e672de
4831a4da8084047a0d96f317eadb63a8b92d2aff28b4bf425a2dfa4edb036cbc
GET /C5KSMDH/TAIWAN.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 261946
last-modified: Mon, 22 Aug 2022 15:12:50 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/QcQGXHV/PCSO.jpg
162.19.58.161 200 OK 260 kB URL HTTP/2 i.ibb.co/QcQGXHV/PCSO.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:07:56], progressive, precision 8, 600x586, components 3\012- data
Size 260 kB (259788 bytes)
Hash 0731ce5fbf711d9a1a5628626ab81e75
f63d8db8a17a554f9af58f9f7341ebe6307bdb7b
7a8da741f2892346cf3422c07af63afed0a27d09b6a5b613f9d3a4bd4f784026
GET /QcQGXHV/PCSO.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 259788
last-modified: Mon, 22 Aug 2022 15:12:47 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/CHg9kG5/TEXAS.jpg
162.19.58.161 200 OK 260 kB URL HTTP/2 i.ibb.co/CHg9kG5/TEXAS.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:11:01], progressive, precision 8, 600x586, components 3\012- data
Size 260 kB (260477 bytes)
Hash e7c4c755cb43b164eec9af54db93d6ad
50a1582369847ba3928cc77a899be24f0a57ddb8
6f53fd1a5408e54d7904e51a00c4ec9d15a4867aa7ad083a888c12f8353cbec8
GET /CHg9kG5/TEXAS.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 260477
last-modified: Mon, 22 Aug 2022 15:12:50 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/RyGcx4y/MONGOLIA.jpg
162.19.58.161 200 OK 264 kB URL HTTP/2 i.ibb.co/RyGcx4y/MONGOLIA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:07:29], progressive, precision 8, 600x586, components 3\012- data
Size 264 kB (264387 bytes)
Hash 27bde0575e7a453f5468aee2d3291ee3
099ddb4314ecd6e346dbdffac2df8b3439cd8090
28ac599f092e067e60685cd1e206b0a4e37fbf1089e67f4044088631d24c1a9d
GET /RyGcx4y/MONGOLIA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 264387
last-modified: Mon, 22 Aug 2022 15:12:45 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/YW9Rxng/KUPANG.jpg
162.19.58.161 200 OK 263 kB URL HTTP/2 i.ibb.co/YW9Rxng/KUPANG.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:06:32], progressive, precision 8, 600x586, components 3\012- data
Size 263 kB (262619 bytes)
Hash b0db63253102d6239e82620cabdadc9f
44432055f9aa4c4269b9fa9683ba4ef4f8d9b08d
a11af706894690050995ca4532e0ceae932100622b68af49ad74d80dc7c5cead
GET /YW9Rxng/KUPANG.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 262619
last-modified: Mon, 22 Aug 2022 15:12:44 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/xMXb7hv/OHIO.jpg
162.19.58.161 200 OK 259 kB URL HTTP/2 i.ibb.co/xMXb7hv/OHIO.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:10:32], progressive, precision 8, 600x586, components 3\012- data
Size 259 kB (259354 bytes)
Hash 686de8a410fab9341b40cddbeaeacb01
9a98a96110b4ba1d37dcae702aac73449af1fa5a
6c0ec1ee2a597b4a3fd0f22f5ae936414ef4ef863f3095db1702e89c83da3bf9
GET /xMXb7hv/OHIO.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 259354
last-modified: Mon, 22 Aug 2022 15:12:47 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/TWB6zCL/CAMBODIA.jpg
162.19.58.161 200 OK 265 kB URL HTTP/2 i.ibb.co/TWB6zCL/CAMBODIA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:06:47], progressive, precision 8, 600x586, components 3\012- data
Size 265 kB (264650 bytes)
Hash 7bedd81f5220f27d45ba5144f72b3765
595a0be33bb7b694afb6847afc589ba81831fe9b
3e904fbc0f6fc9faeac850ba222fb9862b3c94b8e5a56c029d6ea6e13d865be7
GET /TWB6zCL/CAMBODIA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 264650
last-modified: Mon, 22 Aug 2022 15:12:40 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/PERMATA.png
149.28.159.163 200 OK 6.6 kB URL HTTP/1.1 149.28.159.163/assets/img/PERMATA.png
IP 149.28.159.163:0
File type PNG image data, 400 x 102, 8-bit colormap, non-interlaced\012- data
Hash f5f8c69e95909040ed44250cc3b86c35
e333b452f22bcfd8368091118e301200e7f4f2b3
bd3ce223941f0e46a5f2bf3a048f36d65b57a595d3dfb06762799d4c2b37121b
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/PERMATA.png HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/png
Content-Length: 6567
Connection: keep-alive
Last-Modified: Sat, 18 Jun 2022 12:25:51 GMT
ETag: "b26f2b8ce83d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1719
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x0I9jCjdxXmD30gwRkX3vgxeJZAln46ioMSeomqxvlTRHzHUEJfUrvB0bO4T1dO0kNC0ClvlSCAA2PVTz%2FIFreg%2BCIulcGZs6uV3V4MxBwDJ8xxj5MdwxE4w%2FTV3n3nqrlMlfG7DQU5zHgyUYgo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda1a9624102-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/icon/icon-pools.jpg?v=1.1
149.28.159.163 200 OK 6.9 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-pools.jpg?v=1.1
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x205, components 3\012- data
Hash 1b61fe941c5f21b6a5b2a0021304325e
57e917596324667df9bb88ef7aaa181bfd53ae0a
c1af05964be2562a6bbf7c1d8f2a19554198d2e2c1980454a2b8f61f307772ff
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-pools.jpg?v=1.1 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:35 GMT
Content-Type: image/jpeg
Content-Length: 6870
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "597298ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgY%2BGYglVItn0SPsAuUVgx1%2BklTqhlri3Hb%2FXlvCsMtnhkdCnUkufq%2FCFS%2BT8iFqPbmT6A5K5NKjwbIMRL0%2BaAPLMF%2BA8mFYG3xTZKkCAGorutsFJAOJtqg75nZhR7eT998%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda1ae964c41-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/f4VMPB0/PGSOFT.jpg
162.19.58.161 200 OK 334 kB URL HTTP/2 i.ibb.co/f4VMPB0/PGSOFT.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:41:03], progressive, precision 8, 600x586, components 3\012- data
Size 334 kB (334542 bytes)
Hash 43ae03cb472cfcb4d9c9db0a4305cb78
7493e1a6c4e2d6be915d22ea8a1550f99f6d05e4
45498301318f8d32466f3d936ecd12b3bf97df128fca24b71a5fc74f422f0559
GET /f4VMPB0/PGSOFT.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 334542
last-modified: Sun, 28 Aug 2022 09:46:23 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/pZFWgy0/THAILAND.jpg
162.19.58.161 200 OK 293 kB URL HTTP/2 i.ibb.co/pZFWgy0/THAILAND.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:52:54], baseline, precision 8, 600x586, components 3\012- data
Size 293 kB (292617 bytes)
Hash 5be96813da0f43868b300a05b5bf2b08
12c59e7d14ffbeac3f4c36cb9d9d417e93bcbad4
d47de73c90b7cad55fdac277c382dc2a6cbeb9b66a092c58435735d3293f5a39
GET /pZFWgy0/THAILAND.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 292617
last-modified: Mon, 22 Aug 2022 15:12:51 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/ZH4tJVv/PENNSYLVANIA.jpg
162.19.58.161 200 OK 268 kB URL HTTP/2 i.ibb.co/ZH4tJVv/PENNSYLVANIA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:08:31], progressive, precision 8, 600x586, components 3\012- data
Size 268 kB (267562 bytes)
Hash 7f08d72df55aec759493a4d4e69ba0aa
21bad5c78954a2d68f32543abad0bc622d357f61
ad97ac7a09b925bb75b61f2dd2364216dad5ca3186c997e6f0f316d72304219f
GET /ZH4tJVv/PENNSYLVANIA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 267562
last-modified: Mon, 22 Aug 2022 15:12:48 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/YhD1SJg/OREGON.jpg
162.19.58.161 200 OK 262 kB URL HTTP/2 i.ibb.co/YhD1SJg/OREGON.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:08:52], progressive, precision 8, 600x586, components 3\012- data
Size 262 kB (262494 bytes)
Hash 2d653d84d79623886c6a9bdd111c4e6e
10508a29dae5d056030dd74d39ac2d68ab7244fe
a8a2ab0b00ab233110d481fa72a143187503a573deb4de4c159e4aaffaa44fc1
GET /YhD1SJg/OREGON.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 262494
last-modified: Mon, 22 Aug 2022 15:12:47 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/wh5JFbQ/NUSATOTO.jpg
162.19.58.161 200 OK 264 kB URL HTTP/2 i.ibb.co/wh5JFbQ/NUSATOTO.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:06:58], progressive, precision 8, 600x586, components 3\012- data
Size 264 kB (264472 bytes)
Hash e6a4421e7244903a2fe7ff7d28fa8188
c079cd732a2a634e606e07ff502cc8066b1fd8f8
163fc9fcd90e01a2e0929abd141587fbabda0e8addf9e84e8baecb76606f02ea
GET /wh5JFbQ/NUSATOTO.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 264472
last-modified: Mon, 22 Aug 2022 15:12:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/VtgF3C4/NEW-JERSEY.jpg
162.19.58.161 200 OK 265 kB URL HTTP/2 i.ibb.co/VtgF3C4/NEW-JERSEY.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:10:02], progressive, precision 8, 600x586, components 3\012- data
Size 265 kB (265180 bytes)
Hash 4ca46dc64485f38b44241b066743d189
dde3025d3668fc744e80618782c1d250ce632b1b
c0b334a099f99e61bf580e394f4c20f597de3d2865c9678f82f6476b4c8a36f5
GET /VtgF3C4/NEW-JERSEY.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 265180
last-modified: Mon, 22 Aug 2022 15:12:46 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/6ZB2zpN/HEAD-TAIL.jpg
162.19.58.161 200 OK 230 kB URL HTTP/2 i.ibb.co/6ZB2zpN/HEAD-TAIL.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:04:50], progressive, precision 8, 600x586, components 3\012- data
Size 230 kB (229934 bytes)
Hash 5cfe1989daca124f55f2bc93fb9d9ed4
545481f0e0e104f811432f836d7daddd4ca5370f
ebd47637996ad855f0b74877ee9acac13477e74059cc3a77b4bda14e69c88172
GET /6ZB2zpN/HEAD-TAIL.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 229934
last-modified: Sun, 28 Aug 2022 09:46:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/PWRVrbh/GONGBALL.jpg
162.19.58.161 200 OK 237 kB URL HTTP/2 i.ibb.co/PWRVrbh/GONGBALL.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:07:16], progressive, precision 8, 600x586, components 3\012- data
Size 237 kB (237211 bytes)
Hash ae7b973ffa8379e1330834b8189dbec3
4acc6d0d2f8c169b77a850af2dd315adefab5762
7ca35369f9be48f0c4201d058361f8c7e62d1f424dfb09b881853acb18412051
GET /PWRVrbh/GONGBALL.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 237211
last-modified: Sun, 28 Aug 2022 09:46:18 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/icon/icon-SYDNEY.jpg?v=1.1
149.28.159.163 200 OK 4.5 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-SYDNEY.jpg?v=1.1
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x205, components 3\012- data
Hash 4ae2801024b806bf9c792b648c2069ff
5327fd9187084a3cd5665b061be1ad50a88fd6b5
e7f471995cff2d274f80d9c96d3d4a066d8731fcea2d52446a93d88bd5e0d878
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-SYDNEY.jpg?v=1.1 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 4533
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "62d3b8ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqhSJoAQkx0%2B6VU8fW9kpnnQgbmFYQEvQp9v1zxCq4TsechGH4WiI1Ylsd1ZEP0N3CZ9yBsp0bgODtZi7NDGLUd2dVdpGCrVv2ZXHHaS201d6e14meebk5WSVHmJifgrJIKCIxDWAxc1CeMrLZs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda2492d3e00-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/0JxrmvZ/48D.jpg
162.19.58.161 200 OK 251 kB IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 21:56:28], progressive, precision 8, 600x586, components 3\012- data
Size 251 kB (251264 bytes)
Hash f4ba4630ecf8e263d7d60eca4adb2d07
e7a2c4e17eaea9f6213215ecbe5f4cb38c1ec9d2
147078f3c0a71ce6179ab06d4cb6e9e4ce995eaa035d4bbd45657bbad2a7fbae
GET /0JxrmvZ/48D.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 251264
last-modified: Sun, 28 Aug 2022 09:46:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/gj5NJ2y/KENTUCKY.jpg
162.19.58.161 200 OK 304 kB URL HTTP/2 i.ibb.co/gj5NJ2y/KENTUCKY.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:56:28], baseline, precision 8, 600x586, components 3\012- data
Size 304 kB (303709 bytes)
Hash ae5090310b0a9dd6a0f9d0c3272849d7
75a5bd2b178add86077757acdc21d9b23d3169be
5d991b52dac655fe71e551c4b0567bf322add00c75c4f4f2ad28027f845f39cb
GET /gj5NJ2y/KENTUCKY.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 303709
last-modified: Mon, 22 Aug 2022 15:12:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/M1Z8Q71/MISSOURI.jpg
162.19.58.161 200 OK 297 kB URL HTTP/2 i.ibb.co/M1Z8Q71/MISSOURI.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:51:42 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-14402, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 28079051797331665786102611968.000000], baseline, precision 8, 600x586, components 3\012- data
Size 297 kB (297182 bytes)
Hash bf7f16a48bb31e91ba277a0d0c11b342
80991ce1ebb26658783500ceccda2be5f47eb844
ae2d354da4c3c53f30a8268dc3bcd0ae045531f008f15f657543e9a45bba37d5
GET /M1Z8Q71/MISSOURI.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 297182
last-modified: Mon, 22 Aug 2022 15:12:45 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/icon/icon-BULLSEYE.jpg?v=1.1
149.28.159.163 200 OK 7.5 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-BULLSEYE.jpg?v=1.1
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x205, components 3\012- data
Hash 9dd8f23b6a101c6cbad2ba53d2c0e539
43f60d1e0de6c57d365fc42478541cfca0350590
8023bb1dea0ac895e22afd9d9f67b04e733c6128119d395d5e88eddea6eb9bd5
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-BULLSEYE.jpg?v=1.1 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 7534
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "451078ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ns1KlO%2BUK9VhdJtcfHxBi%2BomQCfw33Uq%2Bx%2BE2lE0oem8cTLmg3ctODkNJ%2BGbKKka1MYYcsW3DhYbLocnstt7pjF8tmIxBXy8NjKSavUn4Vpwt3gCm88mUJeTomFsiOlWfg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda24ba76bc9-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/icon/icon-CHINA.jpg?v=1.1
149.28.159.163 200 OK 16 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-CHINA.jpg?v=1.1
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x205, components 3\012- data
Hash 93a33087c90257ae129c39d16458bb00
9d125e99ddaf3f01a61316184028bf63678f9437
a87200c9f6f59d8a2e85802ed045d0cef48b1479fa8e1a415407815e0c27f6bf
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-CHINA.jpg?v=1.1 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 16492
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "451078ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jNJZCBOvx7d1TDIF7W%2BaqWsJiDABdM7u%2Fjn84DbGmLFt2dyNzw2c5b4%2FuN7EwMrkjKfqyZXV9ASrBQ3Qm9YbyRo6%2FMM7D9yO92LxeVKn9UDIYKvROBzbBfRypg30ZPgDi72pLWZjlQKY%2FxIRUbc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda27c473e23-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/icon/icon-SINGAPORE.jpg?v=1.1
149.28.159.163 200 OK 6.9 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-SINGAPORE.jpg?v=1.1
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x205, components 3\012- data
Hash 1b61fe941c5f21b6a5b2a0021304325e
57e917596324667df9bb88ef7aaa181bfd53ae0a
c1af05964be2562a6bbf7c1d8f2a19554198d2e2c1980454a2b8f61f307772ff
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-SINGAPORE.jpg?v=1.1 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 6870
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "451078ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r6E2yN4d72lVLCOhkGwaHQgYgBOKLlvuLnSHBXLeUD1VrmkuqlRT30cUqhf40PTQzs%2Fpyqt77M%2FIbMxi1lG00SxExs6YebkN%2Bw5BHlFgDUoRv93Sd6CmHrPFKK7BhsKd8LY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda27e546beb-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/s9p0VkC/DUEL-DICE.jpg
162.19.58.161 200 OK 232 kB URL HTTP/2 i.ibb.co/s9p0VkC/DUEL-DICE.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:18:02], progressive, precision 8, 600x586, components 3\012- data
Size 232 kB (232242 bytes)
Hash ac8ae00839cd1aaf8d0b861e7f7c7697
f3b03bdb227f27acbefc763b7cc7fbf7b710ea43
e30d4b28dc602f479a33f788b421ef306c310143a81d47dfc70bd986b84f3943
GET /s9p0VkC/DUEL-DICE.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 232242
last-modified: Sun, 28 Aug 2022 09:46:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/VDCmJKk/INDIANA.jpg
162.19.58.161 200 OK 262 kB URL HTTP/2 i.ibb.co/VDCmJKk/INDIANA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:09:38], progressive, precision 8, 600x586, components 3\012- data
Size 262 kB (262405 bytes)
Hash 5682ba4220e580cbac6e3704b403f136
3d397217a2f902f2e4892fe414a55a47ce2935bd
86325bd7362d45156a55d3a8bdf5d79c6b43413dca5ee6372e2869600736dbd7
GET /VDCmJKk/INDIANA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 262405
last-modified: Mon, 22 Aug 2022 15:12:42 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
api.livechatinc.com/v3.4/customer/rtm/ws?organization_id=90c7d184-34de-4d3d-b110-d4e359ddb525
23.36.79.8 101 Switching Protocols 0 B URL HTTP/1.1 api.livechatinc.com/v3.4/customer/rtm/ws?organization_id=90c7d184-34de-4d3d-b110-d4e359ddb525
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3.4/customer/rtm/ws?organization_id=90c7d184-34de-4d3d-b110-d4e359ddb525 HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://secure.livechatinc.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aorLlD/9Ws/CVSmPVwRxZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
sec-websocket-accept: o1nA4LHa58YguhHMyQOOTlAd8wc=
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://secure.livechatinc.com
legacy: 2024-05-31
Date: Thu, 23 Mar 2023 16:07:36 GMT
Upgrade: websocket
Connection: Upgrade
i.ibb.co/Wc5byKt/NEW-YORK.jpg
162.19.58.161 200 OK 264 kB URL HTTP/2 i.ibb.co/Wc5byKt/NEW-YORK.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:09:25], progressive, precision 8, 600x586, components 3\012- data
Size 264 kB (263993 bytes)
Hash d4cadbf25678c1507d0d464f9bab8b98
d27f2d89073efda4c13aab1ea71739003b4a3368
924b03d804fbd1089fdd07d9699e224ad48817c7d0c089b9eea66f64aec48921
GET /Wc5byKt/NEW-YORK.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 263993
last-modified: Mon, 22 Aug 2022 15:12:46 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/WndTrBp/FLORIA.jpg
162.19.58.161 200 OK 262 kB URL HTTP/2 i.ibb.co/WndTrBp/FLORIA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:09:16], progressive, precision 8, 600x586, components 3\012- data
Size 262 kB (262103 bytes)
Hash 90544710a7d8df5fadd30b74ec8e7320
da7651c045124f7263b655f57bb8824f3cdaa58b
3c964776293ff3077ad23e83ab82917338e5eade1360f5d23f37ebc006b6411e
GET /WndTrBp/FLORIA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 262103
last-modified: Mon, 22 Aug 2022 15:12:41 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/ZNbGGMY/12D.jpg
162.19.58.161 200 OK 261 kB IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:16:19 DIY-Thermocam raw data\012- (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset -0.000084, slope 273104202891264.000000], progressive, precision 8, 600x586, components 3\012- data
Size 261 kB (260629 bytes)
Hash 41cfafbcf898cc2bb21cd7b10bb17f9a
1408b3b1dde5d28365043ebec373b89894b04a47
f4d20a06762d9002d30edd72da74741b9754c9c22881968539ba7fb95d3f9e11
GET /ZNbGGMY/12D.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 260629
last-modified: Sun, 28 Aug 2022 09:46:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/23tgwzD/NUSA.jpg
162.19.58.161 200 OK 266 kB URL HTTP/2 i.ibb.co/23tgwzD/NUSA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:07:16], progressive, precision 8, 600x586, components 3\012- data
Size 266 kB (265792 bytes)
Hash a2747397799664319ec09c1907b255ae
abffbaac65ed9a7b175e87cc8582fb12c2e80f63
626c0428cba93329c27f3849eb8b24c0a04e9ed8b0a4030a0388fc323a7aa6cd
GET /23tgwzD/NUSA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 265792
last-modified: Mon, 22 Aug 2022 15:12:46 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/0f3S8gd/DRAGON-TIGER.jpg
162.19.58.161 200 OK 230 kB URL HTTP/2 i.ibb.co/0f3S8gd/DRAGON-TIGER.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:10:53], progressive, precision 8, 600x586, components 3\012- data
Size 230 kB (229921 bytes)
Hash 67542ce2345c074407e3b22fa3d5a4d1
062110a9a0101db692ff6c5bda1d7236eca6ccf5
d4d2375871e0d8ffaefc7831f842784898a44b424af2acbe88da5b8e18d578ee
GET /0f3S8gd/DRAGON-TIGER.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 229921
last-modified: Sun, 28 Aug 2022 09:46:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/qrnYTL5/SUWIT.jpg
162.19.58.161 200 OK 210 kB URL HTTP/2 i.ibb.co/qrnYTL5/SUWIT.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:14:41 DIY-Thermocam raw data\012- (Lepton 2.x), scale 29804-28526, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 4631716526160289862879543296.000000, slope 1125978593735313417306112.000000], progressive, precision 8, 600x586, components 3\012- data
Size 210 kB (209825 bytes)
Hash f6f09fd0b95a469faf1feb9394ccf0cb
b84d5a37c5bba6e39acaf8c08fa24f97ce6ee577
a8f4037b2954c1286875e55257929f80b8069b98a97fd6ac962eacefc541fc00
GET /qrnYTL5/SUWIT.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 209825
last-modified: Sun, 28 Aug 2022 09:46:27 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/N33fjML/BACCARAT.jpg
162.19.58.161 200 OK 239 kB URL HTTP/2 i.ibb.co/N33fjML/BACCARAT.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:27:13], progressive, precision 8, 600x586, components 3\012- data
Size 239 kB (238960 bytes)
Hash 78865f74c5edea62f4f4d7adf778e19f
ce820c3c07990efaa75c78a835f754b55bfb0ab3
7f15cc1addd38e9d7ad9ffabcb3f2ab28cb2a286899a2d7af5c60e79f9172b06
GET /N33fjML/BACCARAT.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 238960
last-modified: Sun, 28 Aug 2022 09:46:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/k3Z90Y6/REDWHITE.jpg
162.19.58.161 200 OK 235 kB URL HTTP/2 i.ibb.co/k3Z90Y6/REDWHITE.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:12:38], progressive, precision 8, 600x586, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 9042-27764, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 549755813888.000000, slope 11024211116032.000000\012- data
Size 235 kB (234948 bytes)
Hash 4c94881b866273435e14b318c3eb56a5
72d197da337befc49327d171d975561e5d111af0
c154bdfa736abb69d0e5df58e824a36e0197f3fce9081a2360d66e8ac28ff65f
GET /k3Z90Y6/REDWHITE.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 234948
last-modified: Sun, 28 Aug 2022 09:46:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/47PtXp5/VIRGINIA.jpg
162.19.58.161 200 OK 298 kB URL HTTP/2 i.ibb.co/47PtXp5/VIRGINIA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:49:48], baseline, precision 8, 600x586, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale -6912-0, spot sensor temperature 0.000000, unit celsius, color scheme 1, calibration: offset 4754540834632868954551630168064.000000, slope 4100876544.000000\012- data
Size 298 kB (298364 bytes)
Hash 7b524cf2cfeb9a8bb5218dbdbc378836
465c57c63d6d61e953ec7a49371f9ac3dda4e662
c90b2ec0e0d17b00ce6befb9484b25076c5bca726c647c598f5b814409983cf8
GET /47PtXp5/VIRGINIA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 298364
last-modified: Mon, 22 Aug 2022 15:12:52 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/vXd9Q0c/3D-SHIO.jpg
162.19.58.161 200 OK 283 kB URL HTTP/2 i.ibb.co/vXd9Q0c/3D-SHIO.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:15:16], progressive, precision 8, 600x586, components 3\012- data
Size 283 kB (282888 bytes)
Hash 95a811f9049558e50030392201b1f6a5
156343079693d7e523258be818d3cddc8736927d
75485f7116c6d0ac52095c132eccd0fa3d2494d01b51695765cd2e09c1e1b778
GET /vXd9Q0c/3D-SHIO.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 282888
last-modified: Sun, 28 Aug 2022 09:46:18 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/Z8bJTGy/IDN4-STAND.jpg
162.19.58.161 200 OK 242 kB URL HTTP/2 i.ibb.co/Z8bJTGy/IDN4-STAND.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 15:57:38], progressive, precision 8, 600x586, components 3\012- data
Size 242 kB (241483 bytes)
Hash 8a0201e22b99e5d3614aa26f314c17e7
69402a4140cef74255958a64c80cae4f15084e30
2ba9a518b11414cdb35f13c19eacab7b7172995a024e49e2333423ebf22264f9
GET /Z8bJTGy/IDN4-STAND.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 241483
last-modified: Sun, 28 Aug 2022 09:46:22 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/17QLZFF/OGLOK.jpg
162.19.58.161 200 OK 233 kB URL HTTP/2 i.ibb.co/17QLZFF/OGLOK.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 22:08:42], progressive, precision 8, 600x586, components 3\012- data
Size 233 kB (233371 bytes)
Hash 2a77d932f96f37b21297bcb538298b58
605192cf324f840a947f302ffdda3f80083ca2ea
431a27fdf4df7b175fe4de5b56449252e765364ef1380fd340eeaf1545dafd1f
GET /17QLZFF/OGLOK.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 233371
last-modified: Sun, 28 Aug 2022 09:46:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
accounts.livechatinc.com/v2/customer/token
23.36.79.8 200 OK 195 B URL HTTP/2 accounts.livechatinc.com/v2/customer/token
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type JSON data\012- , ASCII text
Hash 58d356243b1545e0802ae5bad18cd9a0
8d23e7b57dd8f827ab514f79e959c48b01e0fb9f
95cd7a2405c07a1b069b4cff96436fe825d7f37a7871d203e1ebd314dc5f2dd2
POST /v2/customer/token HTTP/1.1
Host: accounts.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 225
Origin: https://secure.livechatinc.com
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://secure.livechatinc.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/json
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
content-length: 195
date: Thu, 23 Mar 2023 16:07:36 GMT
set-cookie: __lc_cid=0f1e3396-4cf2-45b6-be02-23d4ebc911a0; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Sun, 23 Mar 2025 16:07:36 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__lc_cst=f8db0167033ff8d82673382721ca28cc2b9740b54eada5289c3cf2b3723593cdebd81be3e3311eeb8e95ef9207e6f9dbe54312aa2226509c2b3ab6bc22c4; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Sun, 23 Mar 2025 16:07:36 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__lc_cid=0f1e3396-4cf2-45b6-be02-23d4ebc911a0; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Sun, 23 Mar 2025 16:07:36 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__lc_cst=f8db0167033ff8d82673382721ca28cc2b9740b54eada5289c3cf2b3723593cdebd81be3e3311eeb8e95ef9207e6f9dbe54312aa2226509c2b3ab6bc22c4; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Sun, 23 Mar 2025 16:07:36 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__oauth_redirect_detector=counter=1&t=1679587686&tag=d9518c34b930b86d615e053f759e2e4cc27d161a; Path=/; Expires=Thu, 23 Mar 2023 16:08:06 GMT; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
i.ibb.co/5xFCqXZ/5D-BALL.jpg
162.19.58.161 200 OK 279 kB URL HTTP/2 i.ibb.co/5xFCqXZ/5D-BALL.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:30:32], progressive, precision 8, 600x586, components 3\012- data
Size 279 kB (278595 bytes)
Hash b45d0de0beb24de0c9babf48e5542b02
468793aa41da17114f36c12e8b9cf54e1f893ba4
3c1fd762780d54d578c58192ce4dd9c23fc67976caf694d438bc5d6127a3a31c
GET /5xFCqXZ/5D-BALL.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 278595
last-modified: Sun, 28 Aug 2022 09:46:19 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/3TXqJvg/MONOPOLY.jpg
162.19.58.161 200 OK 258 kB URL HTTP/2 i.ibb.co/3TXqJvg/MONOPOLY.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:24 21:58:29], progressive, precision 8, 600x586, components 3\012- data
Size 258 kB (258121 bytes)
Hash dfd1fbc76315d9f3a75ce5d406432871
0da376ce045b168536b1df8d7676f23daee61dd9
bf7486f6f2b82845aed44f9f6621314110e8ad31142c47f599f0c1ce60d86220
GET /3TXqJvg/MONOPOLY.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 258121
last-modified: Sun, 28 Aug 2022 09:46:23 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/wMNMBNw/WASHINGTON.jpg
162.19.58.161 200 OK 267 kB URL HTTP/2 i.ibb.co/wMNMBNw/WASHINGTON.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 22:10:41], progressive, precision 8, 600x586, components 3\012- data
Size 267 kB (267185 bytes)
Hash 5f2714980cd4f94fda5837c9ed26d087
8ac265e31276b46a5b792d65b7e9eae9487528d5
de21abf96730697abdd5ddb823600b93a21b340bf94e01c0434fdfda06c40a93
GET /wMNMBNw/WASHINGTON.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 267185
last-modified: Mon, 22 Aug 2022 15:12:47 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/TRjrvkf/FANTAN.jpg
162.19.58.161 200 OK 248 kB URL HTTP/2 i.ibb.co/TRjrvkf/FANTAN.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 15:56:22], progressive, precision 8, 600x586, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-16, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 18318080339638436707172352.000000, slope 262980206134914424304718240022528.000000\012- data
Size 248 kB (247491 bytes)
Hash ac2bd4fc34cc7bb8577cc246a83de832
94add681febcbe41903443f247534e6064031cf5
daa2c653a870e871ec63dc52b0f75701621ab93c72c1d0ad78ceeba4ea3d1567
GET /TRjrvkf/FANTAN.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 247491
last-modified: Sun, 28 Aug 2022 09:46:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/rQjQVbN/KOREA.jpg
162.19.58.161 200 OK 292 kB URL HTTP/2 i.ibb.co/rQjQVbN/KOREA.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:22 21:54:58], baseline, precision 8, 600x586, components 3\012- data
Size 292 kB (292544 bytes)
Hash 2c7a0f41e443259f42356c698869885d
257cb761755f2afa746b98ec3ca8a9abf15b1316
9702c341c917187e30846352ce57e5e9bfd0c1a9251df4065f1fca88826accf4
GET /rQjQVbN/KOREA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 292544
last-modified: Mon, 22 Aug 2022 15:12:44 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/PZqsRK3/MICROGAMING.jpg
162.19.58.161 200 OK 352 kB URL HTTP/2 i.ibb.co/PZqsRK3/MICROGAMING.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:43:05], progressive, precision 8, 600x586, components 3\012- data
Size 352 kB (351990 bytes)
Hash 14919eaba12af7827b39290386b364f8
a0f68059724097709ccdd01291de8fef99ad01b8
4c619a6870174a9a13848b8703c65e1eb9029437179db3804fd715f65a460529
GET /PZqsRK3/MICROGAMING.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 351990
last-modified: Sun, 28 Aug 2022 09:46:22 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/F38pBNv/PRAGMATIC.jpg
162.19.58.161 200 OK 386 kB URL HTTP/2 i.ibb.co/F38pBNv/PRAGMATIC.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:39:52], progressive, precision 8, 600x586, components 3\012- data
Size 386 kB (386174 bytes)
Hash b325e703c1fbbfe5e93dfbd751b52448
ecb4fe9b2ad86f6b388d37d25ab3d9b83f855f84
efc92e7c34e5a1474c282449284f44e862e26dc1f77d91aec6306d1dace623ae
GET /F38pBNv/PRAGMATIC.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 386174
last-modified: Sun, 28 Aug 2022 09:46:24 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/icon/icon-JAKARTA.jpg?v=1.1
149.28.159.163 200 OK 3.6 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-JAKARTA.jpg?v=1.1
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x205, components 3\012- data
Hash 3785eb96d6f7d0774939c36559a8166a
077c5c41619bf70f3d479a403705275daf9aba51
34476d824c5b114d1ddef0927981464f303eb8cdaf1e7323944738a37d4412fc
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-JAKARTA.jpg?v=1.1 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 3577
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "334a28ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fVtCJrEMzfCA1rOv0SWexQ3D75ptWjcMF1g0f0ixtEZvjmEaDrWwpktio%2BTpdBMlvGjRar%2BKYH8p5jD2c6BvNXRXCQkgeWltX4J6fFJOhSoNhJmK16TbUM6khcLwGfVlCgA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda3aa5b3f77-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/icon/icon-hongkong.jpg?v=1.1
149.28.159.163 200 OK 4.7 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-hongkong.jpg?v=1.1
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x205, components 3\012- data
Hash 606bef132f2c25652dd62b4e7a5ff71e
2e75d728149ae3c864f8f2b827841697ebd5481e
8b2f204a6ecba604871a339562709f1194ae9ab0a2c8ad61564e4788682b9f2d
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-hongkong.jpg?v=1.1 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 4709
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "451078ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6RR%2FW1J4qxy%2FIqyCxphggK%2BzJPWKvW0RT7g%2Fk%2F5CPuMg84YheTOQ3oOWVYmDBWtofNGUyEuQdJFlPy%2Bfw40qwdgh2JQ%2BGyrm%2Bgxch4jG1kFw4%2FknfI%2FqfxJowpExrlp6yVGrQ%2Fo4MwV8aAwKdZY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda3ac163f52-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/RYcM5qv/TOPTREND.jpg
162.19.58.161 200 OK 339 kB URL HTTP/2 i.ibb.co/RYcM5qv/TOPTREND.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:44:26], progressive, precision 8, 600x586, components 3\012- data
Size 339 kB (339092 bytes)
Hash 51a66a987c46ff7f595a35e2d848eac0
4ce958ed9fbfe738dbd9a1972f154308c37988a2
8ba10e609cc9fdbab797fc900e54a10e73dadc4f3a51f1a0bf401216ba6e0016
GET /RYcM5qv/TOPTREND.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 339092
last-modified: Sun, 28 Aug 2022 09:46:27 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
i.ibb.co/yW5ws3N/HABANERO.jpg
162.19.58.161 200 OK 354 kB URL HTTP/2 i.ibb.co/yW5ws3N/HABANERO.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:42:17], progressive, precision 8, 600x586, components 3\012- data
Size 354 kB (353627 bytes)
Hash 4d2eb53a39018915da2e5fbefab47113
9e3b653d9198efb52c892bec0d0e2462d22068ea
5797302ecd299924ce389f0b8dd4d71dd765f516493406f0c4b024c2e17d124d
GET /yW5ws3N/HABANERO.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 353627
last-modified: Sun, 28 Aug 2022 09:46:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/icon/icon-D6.jpg?v=1.0
149.28.159.163 200 OK 5.4 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-D6.jpg?v=1.0
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x205, components 3\012- data
Hash 59818809868556332479b364aab8ea7f
4027cbea0c7396fc1cb6dbc7b276392723cf8c9e
d942e4f9b28cd8cfe2961f8a40919d77a8548e8341782c9c129bccfb87dee632
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-D6.jpg?v=1.0 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 5421
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "334a28ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cRNOAQSu0eA4JkN%2BTxfAwLnRI%2BlCLXxi907eb2wxt3dcRG3FLQuomhsNddTg8lV1sjobNH8%2Fha0lt9Ym5tHJ21rzFWBLJSVXQhQT4DCN5M5wJTzPbJ7HpQiouG4dnQocwx7VVDREJjn%2FLL9a8SE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda44d7d87e1-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/icon/icon-24DSPIN.jpg?v=1.0
149.28.159.163 200 OK 5.3 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-24DSPIN.jpg?v=1.0
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x205, components 3\012- data
Hash 97ce6779ea88d190219b696fdd95ad7c
14d912aeee43d9c6cebaac1f3c59ea97f7fd364b
bb33c75ebfea05c8a890cf324caa643447aff6ccc845cf1b6877d9d0ed214a61
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-24DSPIN.jpg?v=1.0 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 5339
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "8b5ff689e83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Jm2M4ahj0JGAMdpUHJdROIzjlT%2BLVI1xLKDjLnbWkh9phJX8hV1O8K1sIk7qPRYIPcJb6Kbq4x4L7iZaHpUjyhjkfFoNheS7JMPfN1XrVb3YovQKd%2Fk8XUBglz0ZFCZSpm%2Fhe7%2BAFOWdaVmsMI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda418cd4012-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/icon/icon-TM.jpg?v=1.0
149.28.159.163 200 OK 52 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-TM.jpg?v=1.0
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x205, components 3\012- data
Hash 1aa941152037ed686d532ae5691731d7
8222036a29fa540a55dbfc2cfff401b12d5cfcf4
44afa7bac070be11a25113dd4ced630691439d7801bb9fbaf0b2251776d1e558
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-TM.jpg?v=1.0 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 52505
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "451078ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HdXnodwdIM3tFDaOtlQngdxd4CdqILIQghbxUkjzw4QcFNXn0EVJwPytxWJs2%2FKCsIudEea3y%2F6DfUYwAmgHY%2BTSjB8J8tbU1FBJNtAA9smGwzHfWuAo%2FbWbBYrhnGRWGhk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda44e8d40c1-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/icon/icon-24d.jpg?v=1.0
149.28.159.163 200 OK 5.7 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-24d.jpg?v=1.0
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x205, components 3\012- data
Hash 68f536efd4d9cf08d6edcaf5ca4d7ced
a4771384bf6e12cc4737cf2f3bbabe27aa503e09
df5bfec8fd98e9195fb9f02960c1f2a06deb9f024dd04801a45b772feffbf5dd
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-24d.jpg?v=1.0 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 5662
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "8b5ff689e83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QhcNSRw%2BXvxnwXYUftdJAh3ibTXUtej%2BdqKf9SNlTYimTZhsogUC5eBq5Z50NIwOcPqV3diCLIV66v7ld4epkv5nBAzo9kuyfvUwZRJkFopCDhuMKwoEZ9QjK6zkww1gAjw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda44a0c9fec-SIN
alt-svc: h2=":443"; ma=60
i.ibb.co/WcTCCFH/IDNSLOT.jpg
162.19.58.161 200 OK 358 kB URL HTTP/2 i.ibb.co/WcTCCFH/IDNSLOT.jpg
IP 162.19.58.161:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:08:28 16:37:30], progressive, precision 8, 600x586, components 3\012- data
Size 358 kB (357635 bytes)
Hash 9ed95aaa0d8250a918af7fde31a0b9c8
9813c5d577c8c9ed5aa9da650441d73640d7394d
a9ea89a5fbb123494eb10a47132a1e6da5cbedca8caecd46d54152aefb943b17
GET /WcTCCFH/IDNSLOT.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 357635
last-modified: Sun, 28 Aug 2022 09:46:22 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
149.28.159.163/assets/img/icon/icon-SD.jpg?v=1.0
149.28.159.163 200 OK 6.4 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-SD.jpg?v=1.0
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 210x205, components 3\012- data
Hash 0ba7932557a2ef57f4a404c2e8cc89ca
bdaee9aa983c86abc3b6e12d904263d9d020b8d1
944e25293de1902e94503301ab274b4348c7d48828414eee613fdbfc614dd74c
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-SD.jpg?v=1.0 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 6397
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "451078ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PPpUHM6SZlJzydl0JrqknDSql%2BvzCqwEW%2BUa33BTyVJMfWwsweU9le7oWArBYJNK2kF7F8W6TkzgcR3Z8bZREY193%2FuQ1HlqfYJakA%2FYXT7zwUlN2aUzLRQrvw6Rw%2FjPMT78%2BAUbihWV%2FCcTj3k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda5a9019e40-SIN
alt-svc: h2=":443"; ma=60
149.28.159.163/assets/img/icon/icon-RL.jpg?v=1.0
149.28.159.163 200 OK 6.0 kB URL HTTP/1.1 149.28.159.163/assets/img/icon/icon-RL.jpg?v=1.0
IP 149.28.159.163:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 210x205, components 3\012- data
Hash 4c00c62f6892b38be72ff21ba77bcd4f
cd3e7855bd7252fca7ee624819769b219e62afa9
df04e5456a26d89d36120c6078dadfb6e84b37b635c5b8f75a1ac75c27e1fc41
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/icon/icon-RL.jpg?v=1.0 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:36 GMT
Content-Type: image/jpeg
Content-Length: 5961
Connection: keep-alive
Cache-Control: max-age=14400
Last-Modified: Sat, 18 Jun 2022 12:25:47 GMT
ETag: "1db748ae83d81:0"
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1q15ULSktM1xoRCDymO6LZEk%2BdQulvhRtESMbN6VC2faid8I6MUieoAhl3KEKkspA3H8GaUJhsX4BjcW2MKVj%2FDWQihZFb3SRheYb5EWffxXP7TDbepHzJaoZvlcMxly82eWy1VPFD9oYjM%2FktM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda5acb94027-SIN
alt-svc: h2=":443"; ma=60
img.greatlink.click/uploads/1356455056_gif%20banner%20exo%20baru%20cb%20casino2.gif
66.29.132.119 200 OK 2.5 MB URL HTTP/2 img.greatlink.click/uploads/1356455056_gif%20banner%20exo%20baru%20cb%20casino2.gif
IP 66.29.132.119:0
File type GIF image data, version 89a, 842 x 112\012- data
Size 2.5 MB (2531232 bytes)
Hash 6f5b42903e6718facfe3f1ddc3faf49f
ee24ca973e39836eb2b6fac1abe24fd91544fd84
174316103b27e9505fd7ba38d41acba2fd06533d3933c110912662e914c36da4
GET /uploads/1356455056_gif%20banner%20exo%20baru%20cb%20casino2.gif HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:34 GMT
content-type: image/gif
last-modified: Wed, 08 Feb 2023 15:35:40 GMT
accept-ranges: bytes
content-length: 2531232
date: Thu, 23 Mar 2023 16:07:34 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
platform.twitter.com/widgets.js
192.229.233.25 200 OK 28 kB URL HTTP/1.1 platform.twitter.com/widgets.js
IP 192.229.233.25:0
File type Unicode text, UTF-8 text, with very long lines (38752)
Hash 8aa708f5eebf10bd82e942dabf1623a5
326a6d469222302a80ecf29039e7837d8870ee47
fcfdc2930fdd7f4b3c7f0c1308ce2e89fcc5082ae6a0a1e16ecf0f7e417f1368
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 849
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Thu, 23 Mar 2023 16:07:36 GMT
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F70D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 27630
platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2F149.28.159.163
192.229.233.25 200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2F149.28.159.163
IP 192.229.233.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56166)
Size 105 kB (105435 bytes)
Hash 58f06e7d628e7e207cad8e48c9cc76be
9042f057d52be00c9535ce93b0ce4c03707e0c41
ea6c34f2e7acfea93ba722fe283f2704392dc518c9a0d1eeca0ba03a0b63d789
GET /widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2F149.28.159.163 HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 674090
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Mar 2023 16:07:37 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F709)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
x-amz-server-side-encryption: AES256
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105435
149.28.159.163/assets/img/bcw/favicon.png?v=1679587650
149.28.159.163 200 OK 3.5 kB URL HTTP/1.1 149.28.159.163/assets/img/bcw/favicon.png?v=1679587650
IP 149.28.159.163:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b7b49f80e1197e050ba12279e332d845
11c682788420e2897dcae1ec93702bbcf4eb29b6
6fdf3082a354afcd00ce9032162364b78ccb306f690081d37615bfffb3465bd8
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/img/bcw/favicon.png?v=1679587650 HTTP/1.1
Host: 149.28.159.163
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Cookie: PHPSESSID=op9fa5dqp36rmda3nnvvji8uqc; agent=kexaa; link_img=bcw; koderedis=1519; public=bcw; _ga_ZVKJ9PJR49=GS1.1.1679587660.1.0.1679587660.0.0.0; _ga=GA1.1.921003537.1679587661
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 23 Mar 2023 16:07:37 GMT
Content-Type: image/png
Content-Length: 3486
Connection: keep-alive
Last-Modified: Sat, 16 Jul 2022 09:56:04 GMT
ETag: "551c2943fa98d81:0"
Strict-Transport-Security: max-age=31536000
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bpJvRUdFtAmVWKj8Z3fDb0G7z6quWD5ilRP5oeA%2Bt7RkGsQ2IqfBkzQEaP7%2BiuPhvEorAUzzphubVVK1AjK1kGrcupCTYvIq4d45x6NleB8uYf8gzt7vSCblHZ3OHUm39So%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7ac7eda83df39f7a-SIN
alt-svc: h2=":443"; ma=60
cdn.livechatinc.com/widget/static/media/new_message.34190d36.ogg
23.36.79.8 206 Partial Content 11 kB URL HTTP/2 cdn.livechatinc.com/widget/static/media/new_message.34190d36.ogg
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type Ogg data, Vorbis audio, stereo, 44100 Hz, ~112000 bps\012- data
Hash a37211a6cfcda45352d5abcff1e446bb
5f46f941ea3247a17e35be65dcd38583c7ecbfb6
1d0bdbe8013ddd58bf31229ea12bd42dfe6bf4cb022cc65d519a45a13c403b5d
GET /widget/static/media/new_message.34190d36.ogg HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
content-type: application/octet-stream
last-modified: Tue, 07 Jun 2022 10:31:15 GMT
x-amz-version-id: 0eCQ7JzXZ_yjxrlSX_vlQead.GgqRhbb
accept-ranges: bytes
server: AmazonS3
etag: "a37211a6cfcda45352d5abcff1e446bb"
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: Jl-kA9f70ZstJ4iycPT9C0iokBLbhTz1Y4Rh3_BJ2ixGlD1N4r6mMA==
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:37 GMT
date: Thu, 23 Mar 2023 16:07:37 GMT
content-range: bytes 0-11403/11404
content-length: 11404
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 313 B IP 192.229.221.95:0
Hash 550e7c0df653074713a99ef9c0461535
56f702a719f6d3089ec964f91ad2c99c1a5e9990
b1dca2146581f71dde7c894a167d9bdf549e1223e9962fbd675fa6def997d9aa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1408
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 16:07:37 GMT
Last-Modified: Thu, 23 Mar 2023 15:44:09 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 313
syndication.twitter.com/settings?session_id=7b0b66147851c5bced2542cce1a0f4ef5da31eb4
104.244.42.8 200 OK 284 B URL HTTP/2 syndication.twitter.com/settings?session_id=7b0b66147851c5bced2542cce1a0f4ef5da31eb4
IP 104.244.42.8:0
File type JSON data\012- , ASCII text, with very long lines (663), with no line terminators
Hash 8792f18dcb406af2be326e0dd816eed7
d1ad89d9036b3985071b394706514862f7c687ce
19640da1d34fa31a031d58d27be6408f6703dddc3c4495f72d55a60f518b7cba
GET /settings?session_id=7b0b66147851c5bced2542cce1a0f4ef5da31eb4 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 16:07:37 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Thu, 23 Mar 2023 16:07:37 GMT
content-length: 284
content-encoding: gzip
x-transaction-id: 53c1750c23a504a1
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 119
x-connection-hash: d9dcb50ee73ecf42c7036e67d8e3019080a58fcdec4d64ccdda332d43729961f
X-Firefox-Spdy: h2
cdn.livechatinc.com/widget/static/js/3.e9ed6e3a.chunk.js
23.36.79.8 200 OK 10 kB URL HTTP/2 cdn.livechatinc.com/widget/static/js/3.e9ed6e3a.chunk.js
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32629), with no line terminators
Hash 07436ea532c335f1bd5ac7ae82dd91be
f454ff7ad9e3e376492703e571ef29912e6f59a9
e090cfb7d902aa959c0b2ef8dca080b24650d9a620c7aa1a4617bde1fb3d4ca5
GET /widget/static/js/3.e9ed6e3a.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Mar 2023 09:29:10 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: vXC5UIu7gFBOtz6OaM.UvXr0sK8z0uYf
server: AmazonS3
content-encoding: br
etag: W/"d75894263db782f92fc0b355ef0789d8"
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: kaGdVbjXkFwfQOLHmUROZLVaKtKf2C7l1CW4-lqTAoFsHhrOYRYPcQ==
content-length: 9990
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:37 GMT
date: Thu, 23 Mar 2023 16:07:37 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.livechatinc.com/widget/static/js/6.64267759.chunk.js
23.36.79.8 200 OK 6.9 kB URL HTTP/2 cdn.livechatinc.com/widget/static/js/6.64267759.chunk.js
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (20417), with no line terminators
Hash 3f047295fc5a6944950c68918a318b0a
c17ed7b31b6ee5f27eb08234de9faaf597562edb
2d974df61922d10dea8d71453ad811e2cb6a34a810fbf0c2a6ed0037dcca4e96
GET /widget/static/js/6.64267759.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Mar 2023 09:29:10 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: RW5NewhZ9rYa1CdmH0I_D70MjzsE5AMS
server: AmazonS3
content-encoding: br
etag: W/"38a0af502e44ee5b24ba805a9f7a91ea"
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 9N_iqM1i_GYLWWcQ81PSP7RGIeaf7qy5TV2TdR4dppAHuF3e5upLgg==
content-length: 6945
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:37 GMT
date: Thu, 23 Mar 2023 16:07:37 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.livechatinc.com/widget/static/js/2.20a5c3fd.chunk.js
23.36.79.8 200 OK 12 kB URL HTTP/2 cdn.livechatinc.com/widget/static/js/2.20a5c3fd.chunk.js
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (36618), with no line terminators
Hash fad70f33cbe748e981cd104e275a844a
a3fa1bda476cb4031e1e3afdd4fa869ee7c2871e
53fd23b80a1a7db3f2789cda52a2f9ac13969248e8ec4089248e955b1fa9e3a2
GET /widget/static/js/2.20a5c3fd.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Mar 2023 09:29:10 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 0Wue6HO.Ab0RrQECWqDoH3UNgU_9hLBQ
server: AmazonS3
content-encoding: br
etag: W/"89f6ad71d57fdfaaa33c6e689edb1b78"
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: wTYzB35QKG8YmMn02WJa1EMHJYyNoxPCD6ETgL7Amu3BwhwwkzIurg==
content-length: 11482
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:37 GMT
date: Thu, 23 Mar 2023 16:07:37 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.livechatinc.com/widget/static/js/main-view.d9bddbc3.chunk.js
23.36.79.8 200 OK 37 kB URL HTTP/2 cdn.livechatinc.com/widget/static/js/main-view.d9bddbc3.chunk.js
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash bac0e449b9a4a1d951fccabb4d7b1349
1c4ee9002ec18d5b41c1db971fe10075b9454510
7e160b0bd4300f5acb3cf2dc7371b737d9d948ea00b3e77b5804ef74de1847c6
GET /widget/static/js/main-view.d9bddbc3.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Mar 2023 09:29:10 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 6N8X8BMDO6uIxyX5H3TB3WfIlz4FkgSQ
server: AmazonS3
content-encoding: br
etag: W/"b4298fea69c72902279848c57fdfa45e"
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: NVn5PTpyZJzZOPUSxMMPHEWREf9HsjvMjaMPSEZeSZOc0pJFijInZw==
content-length: 37372
cache-control: max-age=31536000
expires: Fri, 22 Mar 2024 16:07:37 GMT
date: Thu, 23 Mar 2023 16:07:37 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05c7970e81559904d05b6e8cf693f085
709b01a360624eceafb1876f56378824aa4936b3
a4fd80c9bdce27961560d7c31e216706e9e32d42d1edd883e283c149505b3db0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cff797b-5560-422b-9907-7a2fbe8dd123.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7424
x-amzn-requestid: 9a2bd57a-40d2-4bc0-b4ca-183e9a928bdc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM-3aGPzoAMFj6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b782f-0dc56e4a7c4aaeb45b45c75b;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:50:39 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 8mTKClr9GKzzrm1TtEmMeBnOQfMLTO4dBuAO-fE4UEfV-SwrFbkjZQ==
via: 1.1 ec27e2bbc77d9805bead471453d2094c.cloudfront.net (CloudFront), 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 02:54:31 GMT
age: 47587
etag: "709b01a360624eceafb1876f56378824aa4936b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
i.ibb.co/dBstPZk/CHINA.jpg
162.19.58.161 200 OK 0 B URL HTTP/2 i.ibb.co/dBstPZk/CHINA.jpg
IP 162.19.58.161:0
GET /dBstPZk/CHINA.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 294227
last-modified: Mon, 22 Aug 2022 15:12:40 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.livechat-files.com/api/file/lc/img/14437305/e5e9e9de39bdf8cfaa0ee34f1bcdc3fa.gif
23.36.79.8 200 OK 0 B URL HTTP/2 cdn.livechat-files.com/api/file/lc/img/14437305/e5e9e9de39bdf8cfaa0ee34f1bcdc3fa.gif
IP 23.36.79.8:0
ASN #20940 Akamai International B.V.
GET /api/file/lc/img/14437305/e5e9e9de39bdf8cfaa0ee34f1bcdc3fa.gif HTTP/1.1
Host: cdn.livechat-files.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 1045931
content-type: image/gif
cache-control: private, max-age=86301
date: Thu, 23 Mar 2023 16:07:38 GMT
set-cookie: FASID=FA1-DAL13|ZBx5T; path=/; Secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
img.greatlink.click/uploads/560837104_share%20welcome%20to%20exototo.png
66.29.132.119 200 OK 0 B URL HTTP/2 img.greatlink.click/uploads/560837104_share%20welcome%20to%20exototo.png
IP 66.29.132.119:0
GET /uploads/560837104_share%20welcome%20to%20exototo.png HTTP/1.1
Host: img.greatlink.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Thu, 30 Mar 2023 16:07:37 GMT
content-type: image/png
last-modified: Sun, 19 Feb 2023 08:01:08 GMT
accept-ranges: bytes
content-length: 1370736
date: Thu, 23 Mar 2023 16:07:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
i.ibb.co/VSPmmTZ/MICHIGAN.jpg
162.19.58.161 200 OK 0 B URL HTTP/2 i.ibb.co/VSPmmTZ/MICHIGAN.jpg
IP 162.19.58.161:0
GET /VSPmmTZ/MICHIGAN.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://149.28.159.163/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 16:07:35 GMT
content-type: image/jpeg
content-length: 264301
last-modified: Mon, 22 Aug 2022 15:12:45 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2